Sanity check file system artifacts #73
Description
Feature Request
Is your feature request related to a problem? Please describe.
When writing encrypted ballots out to the file system, a ballot id is written along with the encrypted ballot representation. When importing this file into the ballot registration process it is possible that the file could be erroneously modified.
Similarly, when writing out cast/spoiled ballots to the file system, the records are written with a representation fo the cast or spoil state. When importing this file into the decryption/tally votes process the file could be modified.
Describe the solution you'd like
We could provide a check when loading ballots from the file system that verifies the integrity of the data. When saving an encrypted ballot to the file system, we can save a sha2 hash made from the external ballot id and the encrypted ballot representation. By saving the hash in the file, we can verify on import that the data imported matches the hash in the file. Similarly we can save a hash of the cast/spoil state when writing registered ballots out to the file system.
Teachability, Documentation, Adoption, Migration Strategy
This solution is designed to be a sanity check on data corruption and clerical errors.