Open gr2m opened 10 years ago
Not immediately related, but I was thinking about a different scenario, which works a bit like encrypted backups: all encryption happens in the client, all that is transmitted and stored is already encrypted and therefore useless for the server. So no server-side plugins, no data sharing etc. Which would only make sense for high-privacy applications with lots of exclusively personal data, so it wouldn't work for your example. It'd be like having an exclusively client-side app with the added safety of remote backups. Because who backs up their localstorage to Dropbox/AWS/Whatever, right? It would be nice to guarantee a remote backup with no hassle.
However, this variant would have the problem that authentication would still go via the server, but you wouldn't ever want to store the encryption key there. So you'd have a login plus the key, which isn't so cool.
Again, IANAC, so many grains of salt.
yeah, what @espy said. Encrypting data on a device and then keeping the encryption key on that device is terrible for a physical security scenario. We’d need a little more information about the whole scenario to give good advice here.
I just found out about this discussion/issue. So, I have written a hoodie-plugin that kind of does something similar, but only client-side: hoodie-plugin-store-crypto. Maybe it will already fit most needs?
I would like to restart this discussion, because I'm currently thinking of updating the plugin. And would welcome some ideas.
For the key: I did opt to ask the developer for an encryption password. How they get it (users' password, a separate password, something else ...) is outside of my package. And I use the password (+ a randomly generated salt) to generate the key. Which limits the plugin mostly to end-to-end encryption. Which was my use case.

> I did opt to ask the developer for an encryption password. How they get it (users' password, a separate password, something else ...) is outside of my package. And I use the password (+ a randomly generated salt) to generate the key.
@Terreii that’s the way to do it. +1
In some cases, data encryption on both client and server is required. For example in a mesh-network setup, where the nodes are physically accessible and could be taken and looked into from outside.
I think an encryption layer could be added as a plugin. In the frontend, it would expose the same API as `hoodie.store`. For example

The logic to encrypt/decrypt objects must exist on the server as well. For example, when an encrypted task object of type `order` gets triggered, the order plugin receives the encrypted data, decrypts it, executes it, updates its state, encrypts the new object, and updates the encrypted object in the user's database.

Does that make sense so far? I'm not an encryption expert, so I can't make good suggestions on what encryption algorithms to use.