Open garfield69 opened 7 years ago
While I do agree this is needed, we should thoroughly think this through.
Agreed. I raised this in particular with the view to reducing exposure to users that upload a copy of the backup to the cloud for us to use when working on ticket problems.
I would advise them to upload to a GitHub issue and remove it upon download instead of 'the cloud'. This way we have control as soon as we see it.
My preliminary basic research and thoughts on the encryption topic.
Firstly, the Chrome JavaScript Stable API list https://developer.chrome.com/extensions/api_index does not yet contain any encryption services that I could find.
But I was thinking we could use CryptoJS https://code.google.com/archive/p/crypto-js/, which I have used before when providing the ExtraTorrent search engine decryption.
Secondly, I am not in favour of encrypting the whole of the backup file, that is just too much hassle and I don't think it is really necessary.
But I am in favour of just encrypting the torrent client passwords, and any other passwords we are saving in userPreferences.
To maintain backward compatibility, I thought to keep the current userPreference `<client>.password` keys, and create an additional key, for instance `<client>.encrypted`.
Whenever we want to use the passwords, we first check if `<client>.encrypted` is loaded, and decrypt and use that.
If `<client>.encrypted` is not loaded, we fall back to `<client>.password`, which if loaded, we encrypt and save to `<client>.encrypted` and then we set `<client>.password` to null.
This should allow us to import old backups.
I thought to just use one of the simpler encryption schemes, such as AES-256, with a hardcoded passphrase.
Encrypt the passwords for the torrent clients (and any other services) stored in the user settings so that the backup does not provide exposure.
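
The `<client>.encrypted` / `<client>.password` fallback and migration flow described in the thread above, as an added example that is not the project's code: Node's built-in `crypto` module stands in for CryptoJS, AES-256-GCM with an scrypt-derived key is one possible scheme, and the client name `exampleclient`, the function names and the passphrase parameter are assumptions. A passphrase hardcoded in the extension source is readable by anyone who has the extension, so it only keeps a stray backup file from being read at a glance.

```javascript
// Added example (not project code): Node's crypto stands in for CryptoJS.
const nodeCrypto = require('node:crypto');

// Assumption: the passphrase is a parameter here; the thread proposes hardcoding it.
const deriveKey = (passphrase, salt) => nodeCrypto.scryptSync(passphrase, salt, 32);

function encryptPassword(plain, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(plain, 'utf8'), cipher.final()]);
  // Stored layout: salt(16) | iv(12) | auth tag(16) | ciphertext, base64 encoded
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

function decryptPassword(blob, passphrase) {
  const raw = Buffer.from(blob, 'base64');
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  // final() throws if the passphrase is wrong or the blob was modified
  return Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]).toString('utf8');
}

// Returns the plaintext password for a client, migrating legacy prefs in place.
function getClientPassword(prefs, client, passphrase) {
  const encKey = `${client}.encrypted`;
  const legacyKey = `${client}.password`;
  // 1. Prefer the encrypted key when it is loaded.
  if (prefs[encKey]) return decryptPassword(prefs[encKey], passphrase);
  // 2. Fall back to the legacy plaintext key (old backups).
  const legacy = prefs[legacyKey];
  if (legacy === null || legacy === undefined || legacy === '') return null;
  // 3. Migrate: store the encrypted form, then null the plaintext.
  prefs[encKey] = encryptPassword(legacy, passphrase);
  prefs[legacyKey] = null;
  return legacy;
}

// Constructed sample of an old backup that still holds a plaintext password.
const oldBackup = {
  'exampleclient.server': 'http://localhost',
  'exampleclient.password': 'constructed-secret',
};
```
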