Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rewrite encryption #86

Open
uhthomas opened this issue Oct 9, 2020 · 0 comments
Open

Rewrite encryption #86

uhthomas opened this issue Oct 9, 2020 · 0 comments

Comments

@uhthomas
Copy link
Owner

uhthomas commented Oct 9, 2020

The current system read content fully into memory, and encrypts it using AES128-GCM. The key, IV and nonce are then stored in a URL hash. This is fine, but has a few down-sides:

  • In-memory isn't great for large files (this is primarily because of browser limitations).
  • The IV and nonce can be public, and don't need to be stored in the URL, making it shorter.
  • AES128-GCM is fine, but ChaCha20-Poly1305 is the current standard for authenticated encryption.
  • It's not easy to iterate on as there is no meta association. Writing a protobuf definition as a sort of header would allow the inclusion of extra metadata and flexibility in encryption ciphers.
  • No support for passwords

A lot of these would be solved by adding a protobuf definition, but the big issue is browser support for:

  • Fetch streams (read/write)
  • File API
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant