search

amake / orgro

An Org Mode file viewer for iOS and Android
https://orgro.org
GNU General Public License v3.0
450 stars 21 forks source link

support biometrics/ app locking #24

Open gvoysey opened 3 years ago

gvoysey commented 3 years ago

I store personal and confidential information in my org documents.

As an enhancement, would you consider adding support for optionally requiring FaceID/TouchID/device PIN to unlock the app?

amake commented 3 years ago

That's an interesting idea. There is a Flutter plugin for that, so it could be doable: https://pub.dev/packages/local_auth

I'm curious, though: how do you secure the file itself? Orgro doesn't store anything so the source file must be accessible through other means; if that's not locked down then adding a lock to Orgro isn't very meaningful.

gvoysey commented 3 years ago

while it is true that files.app doesn’t have faceID unlock the way some other applications do (yet), i do like having app locks when possible anyway.

My threat model here is overly curious people that I have temporarily loaned my phone to, not anything more truly secure than that until such time as files.app provides real support, perhaps in iOS 14 🤞

chrstfer commented 3 years ago

You could have orgro encrypt sections per #33 and unlock/decrypt a given file's encrypted sections with biometrics (or a passcoce). That way you can store the keys in a safe app-specific storage location.

Added suggestion: You could also have orgro insert an elisp block which would decrypt the pgo'd text automatically when org-mode in emacs opens/runs the file. Not sure how to reconcile that with safely storing the key though. Maybe insert a password protected version as a comment within the elisp block and decrypt it?

amake commented 3 years ago

I don't see any API, at least in the Flutter package linked above, allowing use of biometrics to encrypt/decrypt or store values. All it offers is getting a boolean representing whether the user was recognized or not.

amake commented 6 months ago

I don't think it makes sense to require biometrics or authentication merely to open the app or view plain text files.

But it would make sense to have biometric auth in order to protect e.g. a private key stored in Orgro for decrypting content (see #33).

Relevant libraries: