Feature Proposal - Encrypt local config

Kyrodan / KeeAnywhere

A cloud storage provider plugin for KeePass Password Safe

https://keeanywhere.de

MIT License

701 stars 86 forks source link

Feature Proposal - Encrypt local config #348

Open andrew-lis opened 2 years ago

andrew-lis commented 2 years ago

Background: Right now the file "KeeAnywhere.Accounts.json" is not protected at all (Windows Control Access is easy to overcome), yet it contains sensitive, unencrypted tokens that allows anyone to access all files on the Remote Drive (Google Drive, Dropbox, etc).

Proposal:

KeeAnywhere should encrypt the "KeeAnywhere.Accounts.json" file at account creation with a user password (different than the one to the KeePass database)
require a user password to provide the password at program start.
There should be a feature flag for that

gab commented 3 months ago

At this point this is starting to resemble a lot the defunct's KeeCloud workflow, which was a lot more secure: 1- Open Keepass Database 2- Credentials for the cloud service are inside the database 3- Sync with cloud database using File -> Synchronize -> Synchronize with URL

It would feel like a better time investment to support this scenario than to implement a parallel encryption system which will inevitably be less mature and less secure than Keepass itself.

andrew-lis commented 3 months ago

It would feel like a better time investment to support this scenario than to implement a parallel encryption system which will inevitably be less mature and less secure than Keepass itself.

You may be right, but the users should be notified when the flow I'd described is used.

Jackabomb commented 3 months ago

Actually, the json Secret field is encrypted. It just might not look like it. Here's where the encryption actually happens; it uses an OS-provided encryption/decryption API, meaning the decryption key for the secret is not stored in accounts.json, keepass.xml, or the plugin.