File encryption API updated to work on File blobs, separate metadata from contents, provide examples for storage and retrieval by content-addressing (via a hash of the ciphertext).
Note: files are encrypted using a dedicated key that is stored in the metadata. This may not be ideal, as that key may end up in the client cache or global state (e.g. React Query or Apollo cache) after decryption.
An alternative would be to derive the file encryption key from the metadata encryption key, but since the two operations are decoupled, it may prove difficult. In the forms example, file contents are encrypted first (before the metadata encryption key is known), as metadata stores the encrypted content hash.
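The flow described above (encrypt contents under a dedicated key, address the blob by a hash of the ciphertext, keep key and hash in the metadata), as an added sketch that is not this project's code. Assumptions: Node's built-in `crypto` with AES-256-GCM and SHA-256 stands in for the library's primitives, and `store`, `encryptAndStoreFile` and `fetchAndDecryptFile` are hypothetical names.

```javascript
// Added example, not the project's API. Works under CommonJS or ESM on Node.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')
  : process.getBuiltinModule('node:crypto');

// Hypothetical content-addressed blob store: hex hash of ciphertext -> ciphertext.
const store = new Map();

const sha256Hex = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');

// Step 1: encrypt the contents first, under a fresh dedicated key. The
// ciphertext hash must exist before the metadata can be built and encrypted.
function encryptAndStoreFile(name, plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const blob = Buffer.concat([
    nonce, cipher.update(plaintext), cipher.final(), cipher.getAuthTag(),
  ]);
  const hash = sha256Hex(blob);
  store.set(hash, blob);
  // Step 2: this object is what gets encrypted under the separate metadata key.
  // Once decrypted client-side, `key` sits wherever the metadata is cached.
  return { name, hash, key: key.toString('base64') };
}

// Retrieval: look up by hash, verify the ciphertext against it, then decrypt.
function fetchAndDecryptFile(metadata) {
  const blob = store.get(metadata.hash);
  if (!blob) throw new Error('blob not found');
  if (sha256Hex(blob) !== metadata.hash) throw new Error('ciphertext hash mismatch');
  const nonce = blob.subarray(0, 12);
  const tag = blob.subarray(blob.length - 16);
  const body = blob.subarray(12, blob.length - 16);
  const key = Buffer.from(metadata.key, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}
```

Because each file gets a fresh random key and nonce, two uploads of identical contents produce different ciphertext hashes, so the storage address does not reveal that the plaintexts match.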