Database encryption key storage

[mrstecklo]

Hello,

I see this issue on how to improve security #188

And there is this brief description here https://core.telegram.org/tdlib/docs/classtd_1_1td__api_1_1set_database_encryption_key.html

Do I understand it right, that if I'm using setDatabaseEncryptionKey explicitly, then I'm responsible to store it in some secure manner (e.g. on a HSM)? But what about default encryption key? Does it provide any security at all or is it just about obscurity? Where does tdlib store database encryption key on windows? Is default encryption key hardcoded? Is it same for each client? Or for each OS user? Or for each tdlib-based app installation?

[levlam]

Do I understand it right, that if I'm using setDatabaseEncryptionKey explicitly, then I'm responsible to store it in some secure manner (e.g. on a HSM)?

Yes, unless you receive it from the user.

But what about default encryption key? Does it provide any security at all or is it just about obscurity?

If the user can launch the app, then it can access all the data anyway by design.

Where does tdlib store database encryption key on windows? Is default encryption key hardcoded? Is it same for each client? Or for each OS user? Or for each tdlib-based app installation?

None of these is specified.

[mrstecklo]

None of these is specified.

Ok, I understand it's not public contract. But can you at least give a hint on where in the source code should I look to figure out current implementation? I need to decide whether I should engage myself into using setDatabaseEncryptionKey

[levlam]

If the user can launch the app, then all the data can be accessed by the user. Whoever has access to filesystem can read all stored data, unless you protect it with a user-provided password.