tink-crypto / tink-java

Java implementation of Tink
https://developers.google.com/tink
Apache License 2.0
117 stars 16 forks

Mobile app exchange data use case - secrets storage explanation #8

Closed rickytribbia closed 9 months ago

rickytribbia commented 1 year ago

Hello guys, thank you for developing a project like Tink: it's important for the community to have such advanced tools to stay up to date with security hazards in every scenario.

For years we've been searching for a solution that does not include secrets directly in the app, and today the most interesting scenario is using an external KMS.

We're trying to implement the following use case in a mobile app scenario (iOS and Android): users can send each other files via email or other sharing systems (chat, WhatsApp, etc.) containing some important information that has to be encrypted.

We've followed your guide here and the key management docs, so we've done these steps:

  1. Created a project in Google Cloud Console with billing info, enabled the KMS API, and created a service account
  2. Created a keyring and a key via the gcloud CLI tool
  3. Added permissions to the service account for keyset creation via the gcloud CLI tool
  4. Created a keyset (using a recommended algorithm) with the tinkey CLI tool, with the master key URI of the GCP keyring and key created before and the service account credentials in JSON => it creates an encrypted keyset JSON

In our app we've implemented these encryption and decryption steps:

  1. When user A wants to share an encrypted file with user B, he uses the public key retrieved by asking KMS to decrypt the encrypted keyset
  2. When user B wants to decrypt the file received from user A, he uses the private key retrieved the same way, by asking KMS to decrypt the encrypted keyset

Now our doubts are: to do these operations we have to put inside our app the encrypted keyset JSON file, the service account credentials JSON file and the master key URI; so if we add into the app all the stuff needed for encryption and decryption, why is this considered secure?

Can't an attacker simply take these secrets from the app and use them separately? Or, to put it another way: is our procedure secure?

Consider that this app doesn't have a login system, so it isn't possible to download the secrets from a server after authentication.

We aren't security experts, but we always have these kinds of app-related problems in mind and we wish to find the right way to do these things.

Thank you

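The flow described in the steps above, written as an added Java example against the tink-java and tink-gcpkms APIs (this is not code from the tink-java project or from the issue). The master key URI, credential path and file names are placeholders, and the keyset is assumed to be a hybrid-encryption keyset written by tinkey as in step 4. The example separates the two halves of the flow: the public keyset can be exported with `getPublicKeysetHandle()` and shipped without any KMS access, while unwrapping the private keyset requires the encrypted keyset, the service account credentials and the master key URI together, which is exactly the material the question is about.

```java
// Added example, not part of the tink-java project or the issue.
// Build dependencies: com.google.crypto.tink:tink and com.google.crypto.tink:tink-gcpkms.
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.HybridDecrypt;
import com.google.crypto.tink.HybridEncrypt;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.KmsClients;
import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
import com.google.crypto.tink.hybrid.HybridConfig;
import com.google.crypto.tink.integration.gcpkms.GcpKmsClient;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Optional;

public final class ShareFile {
  // Placeholder: the Cloud KMS key passed to tinkey as --master-key-uri.
  static final String MASTER_KEY_URI =
      "gcp-kms://projects/PROJECT/locations/global/keyRings/RING/cryptoKeys/KEY";
  // Placeholder: the service account JSON passed to tinkey as --credential.
  static final String CREDENTIAL_PATH = "service-account.json";

  // Unwraps the tinkey-produced encrypted keyset by calling Cloud KMS.
  // Anyone who can run this (encrypted keyset + credentials + key URI)
  // obtains the full private keyset in memory.
  static KeysetHandle loadPrivateKeyset(String encryptedKeysetJson)
      throws GeneralSecurityException {
    Aead masterAead = KmsClients.get(MASTER_KEY_URI).getAead(MASTER_KEY_URI);
    return TinkJsonProtoKeysetFormat.parseEncryptedKeyset(
        encryptedKeysetJson, masterAead, /* associatedData= */ new byte[0]);
  }

  // Sender side (user A): only the public keyset is needed to encrypt.
  static byte[] encryptForRecipient(KeysetHandle publicKeyset, byte[] plaintext, byte[] context)
      throws GeneralSecurityException {
    HybridEncrypt encrypter = publicKeyset.getPrimitive(HybridEncrypt.class);
    return encrypter.encrypt(plaintext, context);
  }

  // Recipient side (user B): the private keyset is needed to decrypt.
  static byte[] decryptFromSender(KeysetHandle privateKeyset, byte[] ciphertext, byte[] context)
      throws GeneralSecurityException {
    HybridDecrypt decrypter = privateKeyset.getPrimitive(HybridDecrypt.class);
    return decrypter.decrypt(ciphertext, context);
  }

  public static void main(String[] args) throws Exception {
    HybridConfig.register();
    GcpKmsClient.register(Optional.of(MASTER_KEY_URI), Optional.of(CREDENTIAL_PATH));

    // Placeholder file: the encrypted keyset written by
    // `tinkey create-keyset --master-key-uri ... --credential ... --out encrypted_keyset.json`.
    String encryptedKeysetJson =
        new String(Files.readAllBytes(Paths.get("encrypted_keyset.json")), StandardCharsets.UTF_8);
    KeysetHandle privateKeyset = loadPrivateKeyset(encryptedKeysetJson);

    // The public keyset contains no secret and can be embedded or distributed
    // without the KMS credentials; only encryption needs it.
    KeysetHandle publicKeyset = privateKeyset.getPublicKeysetHandle();
    String publicKeysetJson = TinkJsonProtoKeysetFormat.serializeKeysetWithoutSecret(publicKeyset);

    // Constructed sample input for the round trip.
    byte[] context = "file-share-v1".getBytes(StandardCharsets.UTF_8);
    byte[] plaintext = "important information".getBytes(StandardCharsets.UTF_8);

    byte[] ciphertext = encryptForRecipient(
        TinkJsonProtoKeysetFormat.parseKeysetWithoutSecret(publicKeysetJson), plaintext, context);
    byte[] recovered = decryptFromSender(privateKeyset, ciphertext, context);
    if (!Arrays.equals(plaintext, recovered)) {
      throw new IllegalStateException("round trip failed");
    }
    System.out.println("round trip ok, ciphertext length: " + ciphertext.length);
  }
}
```

The context info passed to `encrypt` and `decrypt` must match on both sides; it binds the ciphertext to its intended use. The same public keyset JSON can also be produced offline with `tinkey create-public-keyset` from the encrypted private keyset, so the encrypting side never needs the KMS credentials at all.
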
morambro commented 9 months ago

Hi, sorry for the late reply. In general we try to focus on answering Tink-specific issues/questions. IIUC this is more a question regarding a specific design, so I believe a more generic forum such as https://crypto.stackexchange.com would be a better place for obtaining feedback.