New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

request: clientside encryption #62

Open
sneak opened this Issue Jul 10, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@sneak
Copy link

sneak commented Jul 10, 2018

I would like to keep a personal log of my tracks but would host any data collection service on an endpoint not under my physical control. I'd love to be able to put a public key into the app, or set a suitably strong PSK (or a passphrase from which a symmetric encryption key could be derived using a strong time-and-memory-hard PBKDF), so that the updates that go to the server are encrypted in such a way that they cannot be decrypted by the server at all. Then I could fetch them all later, decrypt them locally on a trusted machine, and analyze them as I wish.

@aaronpk

This comment has been minimized.

Copy link
Owner

aaronpk commented Jul 14, 2018

This is a neat idea, but unfortunately the way this app works makes this pretty impractical. The app expects to be able to send a POST request to a URL, it isn't really built around the idea of storing data in a file. I think this would be too big of a change for me to take this on, sorry.

@aaronpk aaronpk closed this Jul 14, 2018

@sneak

This comment has been minimized.

Copy link

sneak commented Jul 14, 2018

I'm suggesting that you just POST the data up, but POST up encrypted data. Let the server deal with it as it wishes.

@aaronpk

This comment has been minimized.

Copy link
Owner

aaronpk commented Jul 15, 2018

hm, I guess that's the easy way to handle it. I'll reopen and mark as under consideration, but fair warning this isn't high on my priority list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment