lithium0003 / ccViewer

CryptCloudViewer source codes
https://itunes.apple.com/us/app/cryptcloudviewer/id1458528598?mt=8
MIT License

More info please on ccviewer #34

Open philrasch opened 3 years ago

philrasch commented 3 years ago

I am very interested in ccviewer, but I don't have enough info to decide whether to use it.

Because most cloud providers already have pretty good apps for accessing unencrypted files on an iPhone, my use case is primarily to access encrypted files (encrypted using rclone, cryptomator, encfs, etc.) that I have stored on the cloud. These encrypted files hold stuff I am not particularly interested in sharing with cloud providers.

But to be comfortable accessing this data with ccviewer, I want to know the following things:

1) are you using existing software packages (in the form of compiled codes from publicly available source from rclone, plcloud, etc.) that have been embedded into ccviewer, or are you replicating the algorithms found in those packages? I would feel more comfortable knowing that the codes are directly taken from the original authors and updated when bugs are found and fixed by those teams, rather than using some method of translating those codes (by hand or automatically) to another language.

2) can you describe the mechanisms you are using for storing (or not) the passwords, keys, bucket IDs, necessary to access the encrypted files? I would like to make sure that these pieces of information are handled securely, and I would like to make sure that they are not accessible to other apps. Are the mechanisms used by the original teams for storing this information being used by ccviewer, or have you chosen another approach? Is your approach a common strategy used by iPhone apps?

3) have you considered a security audit?

Thanks for providing us this cool tool. I can't find anything quite like it, so I hope your answers reassure me that it is a good choice for my use case.

Phil

lithium0003 commented 3 years ago

This app is open source; you can compile it into your own binary.

  1. This app uses an encryption routine that I translated to Swift on my own. I referenced the official documents and source code and translated them to Swift because iOS software needs this language. So, the Cryptomator encryption method changed; this app needs to follow it but has not yet (#31). Using another binary as is would be one choice, but it is difficult to compile on iOS and to combine with my module. This app plans to play video and audio files, trans-decrypting on the fly; I decided to use encryption code written in Swift, referenced to the original algorithm.

  2. User secret information is stored in the iOS keychain, like this: https://github.com/lithium0003/ccViewer/blob/e149e3f58d2672209d59a51c8298fe65476ee7e7/RemoteCloud/RemoteCloud/RemoteStorage.swift#L445 The iOS keychain is secure, I believe.

  3. You can audit my code, it's all open.

The Apple Store version of ccViewer differs only in "RemoteCloud/RemoteCloud/Secret.swift". This file stores the app client secrets used to access cloud storages; they can't be shared.

shural commented 3 years ago

Could you please be specific about which Cryptomator version your latest release is compatible with?