search

MatrixAI / js-encryptedfs

Encrypted Filesystem for TypeScript/JavaScript Applications
https://polykey.com
Apache License 2.0
10 stars 3 forks source link

Storage and management of encryption keys #10

Closed MeanMangosteen closed 5 years ago

MeanMangosteen commented 5 years ago

EFS uses symmetric keys for encryption. To decrypt a file, you need to have the same symmetric that was used for encryption. EFS should provide some functionality to do generation, storage, and retrieval of keys. A sepatate KeyManager class can be made to do this.

Its functions would be:

Key Generation:

PBKDF2 will be used if a symmetric key is to be generated. It is highly recommended that salt be used especially for low-entropy, dictionary based passwords. We would also need to store this salt somewhere.

Key Storage:

There needs to be a way to store the keys as well if they user wishes to persist the key on disk. Also a method to simply retrieve the key as a Buffer. Perhaps there should also be a warning message printed to alert the user that the key should be protected with asym crypto if writing key to disk.

Key/Salt Retrieval

From disk and into an in-memory buffer.

Another issues is where to store all these artefacts. As of now it can be stored in ~/.efs/ by default unless a path is specified. There is also no restriction on using only one key, i.e. each EFS instance can be instantiated with a different key. They may all have to share the ~/.efs/ space so subdirectories may be needed for each key/profile.

This way, EFS is simply responsible for taking a key as Buffer in it's constructor which the KeyManager will provide: either by loading from disk or generating from passphrase/salt pair, now EFS is free to do it's business

MeanMangosteen commented 5 years ago

Implemented in 3ab470d

CMCDragonkai commented 5 years ago

As per our previous discussion, we should consider EFS to be a library. Not a full on application. Thus the key management should be pushed to js-polykey not here. Instead EFS constructor should just take a key buffer as a simple parameter and just use it.

It's more like a library FS rather than anything else. This is also why I don't think we should be having something like ~/.efs at all. Because the keynode state can be anything, and I don't want to tie EFS to any platform specific workflows.

CMCDragonkai commented 5 years ago

Work on this should be moved to https://github.com/MatrixAI/js-polykey/issues/22. So all the vault key management here should be moved to js-polykey.