Looking at how I seem to have figured out a way to upgrade to AGP 8, and not downgrade sshlib while being able to import tink, I think I want to try to polish and merge my earlier experiment of partial encryption of the preferences. The encrypted preferences would be stored in a file, encrypted with a hardware-based key, which should be as good as we can hope for. These preferences can't be restored from a backup due to the irretrievable nature of the key.
This issue is for discussing what exactly we want to encrypt. My current idea would be:
Relay password
SSH password
SSH key (on supported hardware the key is already stored in hardware, but notably Ed25519 keys are stored by serializing them)
Client SSL certificate (We only store these in AKS, not SP)
Media upload basic auth password
Thumbs if agreed, comment otherwise. Note, however, that hosts, usernames, additional fields and headers in the File sharing section are also potentially sensitive information.
ETA: We are also saving open buffers, sent messages, input history, caching media fetch attempts, uploads, and have some internally used (on-device) statistics for sorting shortcuts, etc.