Open krautsource opened 11 years ago
Imho it's rather uninteresting to enhance security on untrusted machines. Those users are already fucked anyway, there's no patch against that.
Crypting localStorage is an anti-forensics measure, but GnuPG doesn't support it so it'll be inconsistently used in only the OpenPGP.js driver, if it were to be implemented.
Hmm... to be honest, I see no harm in this. But a feasible alternative for the user would be to use Firefox Portable on an (encrypted) USB thumb drive, for example. Much less convenient, but more secure than encrypted localStorage on the machine itself. Come to think of it, maybe we should add a "best practices" section in the documentation/wiki?
I think there is no harm in having a private key exposed. It's useless without the password. Just don't remember it on session. Agree with @encomiast for "best practices" section...
For added security on untrusted or semi-trusted machines (like at the workplace or a family computer), do you guys think that encrypting the key list would be reasonable? Like AES-encrypting all data in localStorage using a user-supplied passphrase. That way, the user could leave his/her key list on the computer without having to worry about others gaining access to the private key or public keys (see threat model in the wiki; an attacker could already gain information just from the list of public keys in the browser's localStorage). I think this should be possible using openpgp.js.
Any thoughts on this? :-)
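
Added example, not part of the thread or of the project's code: one way the proposal above could look, with the whole key list encrypted as a single blob under a passphrase-derived key so that no user IDs remain readable in storage. It assumes Node's `crypto` module (PBKDF2-HMAC-SHA256 and AES-256-GCM) so it runs offline; `makeStorage`, `saveKeyList`, `loadKeyList`, the `keyring` entry name and the iteration count are all hypothetical, and the in-memory store stands in for the browser's `localStorage`.

```javascript
// Added example: passphrase-encrypted key list. All names and parameters are assumptions.
const nodeCrypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed PBKDF2-HMAC-SHA256 work factor
const STORAGE_KEY = 'keyring'; // hypothetical single storage entry

// Stand-in for window.localStorage (string keys, string values).
function makeStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
  };
}

function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Encrypt the whole list as one blob: public keys and user IDs are hidden too.
function saveKeyList(storage, passphrase, keyList) {
  const salt = nodeCrypto.randomBytes(16); // fresh salt and IV on every save
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(keyList), 'utf8'), cipher.final()]);
  storage.setItem(STORAGE_KEY, JSON.stringify({
    v: 1, salt: salt.toString('base64'), iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'), ct: ct.toString('base64'),
  }));
}

// Returns the key list, or null when nothing is stored, the passphrase is
// wrong, or the stored record was modified (GCM tag check fails).
function loadKeyList(storage, passphrase) {
  const raw = storage.getItem(STORAGE_KEY);
  if (raw === null) return null;
  try {
    const rec = JSON.parse(raw);
    const key = deriveKey(passphrase, Buffer.from(rec.salt, 'base64'));
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'base64'));
    d.setAuthTag(Buffer.from(rec.tag, 'base64'));
    const pt = Buffer.concat([d.update(Buffer.from(rec.ct, 'base64')), d.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch (e) {
    return null;
  }
}

// Constructed sample entry, not real key material.
const demo = makeStorage();
saveKeyList(demo, 'correct horse', [{ userId: 'Alice <alice@example.org>' }]);
console.log(loadKeyList(demo, 'correct horse'), loadKeyList(demo, 'wrong guess'));
```

This covers the stored list at rest only; it does nothing on a machine that captures the passphrase as it is typed, which is the objection raised in the replies.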