add encryption of DMs's data cache
Simon Grim committed Jul 13, 2017
1 parent 0133ffd commit 4bac2d5
Showing 2 changed files with 22 additions and 9 deletions.
1 change: 1 addition & 0 deletions home.html
@@ -28,6 +28,7 @@
<script src="js/interface_common.js"></script>
<script src="js/interface_home.js"></script>
<script src="js/jquery.textcomplete.min.js"></script>
<script src="js/twister-crypto-bundle.js"></script>

<link rel="shortcut icon" type="image/png" href="img/twister_mini.png" />
</head>
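Review bot: Only home.html gains the `twister-crypto-bundle.js` include, while the same commit makes `initDMsCount` in js/twister_newmsgs.js call `TwisterCrypto.PrivKey.fromWIF`. If any other page loads js/twister_newmsgs.js (not visible in this commit), it would presumably hit a ReferenceError there and never initialise its DM counters. Either add the same `<script src="js/twister-crypto-bundle.js"></script>` line to those pages, or have `initDMsCount` check `typeof TwisterCrypto !== 'undefined'` before using it.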
30 changes: 21 additions & 9 deletions js/twister_newmsgs.js
@@ -200,6 +200,8 @@ function saveDMsToStorage() {
};
}

pool = twister.var.key.pub.encrypt(JSON.stringify(pool));
delete pool.orig; // WORKAROUND the decrypt function does .slice(0, orig) but something goes wrong in process of buffer decoding (if original string contains non-ASCII characters) and orig may be smaller than the actual size, if it is undefined .slice gets it whole
$.initNamespaceStorage(defaultScreenName).localStorage.set('DMs', pool);
}

@@ -208,6 +210,12 @@ function loadDMsFromStorage() {

if (storage.isSet('DMs')) {
var pool = storage.get('DMs');
if (pool.key && pool.body && pool.mac) {
if (pool = twister.var.key.decrypt(pool))
pool = JSON.parse(pool.toString());
else
console.warn('can\'t decrypt DMs\' data cache');
}
if (typeof pool === 'object') {
for (var peerAlias in pool) {
if (!twister.DMs[peerAlias])
@@ -454,16 +462,20 @@ function updateGroupList() {

function initDMsCount() {
twister.DMs = {};
loadDMsFromStorage();
$.MAL.updateNewDMsUI(getNewDMsCount());
$.MAL.updateNewGroupDMsUI(getNewGroupDMsCount());
//quick hack to obtain list of group chat aliases
updateGroupList();
setInterval(updateGroupList, 60000);
dumpPrivkey(defaultScreenName, function (req, res) {
twister.var.key = TwisterCrypto.PrivKey.fromWIF(res);

setTimeout(requestDMsCount, 200);
//polling not needed: processNewPostsConfirmation will call requestDMsCount.
//setInterval('requestDMsCount()', 5000);
loadDMsFromStorage();
$.MAL.updateNewDMsUI(getNewDMsCount());
$.MAL.updateNewGroupDMsUI(getNewGroupDMsCount());
//quick hack to obtain list of group chat aliases
updateGroupList();
setInterval(updateGroupList, 60000);

setTimeout(requestDMsCount, 200);
//polling not needed: processNewPostsConfirmation will call requestDMsCount.
//setInterval('requestDMsCount()', 5000);
});
}

function newmsgsChangedUser() {
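Review bot: In the loadDMsFromStorage hunk, `JSON.parse(pool.toString())` is unguarded, and on a failed decrypt `pool` is left holding the falsy result of the assignment inside the `if` condition. The stored value comes from localStorage and is sealed with the public key only (`twister.var.key.pub.encrypt` in saveDMsToStorage), so a well-formed `key`/`body`/`mac` envelope presumably does not authenticate its writer, and the decrypted text should be parsed as untrusted input. A throw here now propagates into the dumpPrivkey callback in initDMsCount and skips the counter updates, `updateGroupList` and `requestDMsCount` that follow `loadDMsFromStorage()`. I would decrypt into a separate variable, wrap the parse in try/catch, and continue with an empty pool on either failure, as sketched below. loadDMsFromStorage starts before this hunk and continues past it.

```javascript
if (pool.key && pool.body && pool.mac) {
    var plain = twister.var.key.decrypt(pool);
    pool = {};  // start from an empty pool so a failed decrypt or parse merges nothing
    if (plain) {
        try {
            pool = JSON.parse(plain.toString());
        } catch (e) {
            console.warn('DMs\' data cache decrypted but is not valid JSON');
        }
    } else
        console.warn('can\'t decrypt DMs\' data cache');
}
// … unchanged: typeof pool === 'object' check and merge into twister.DMs …
```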

3 comments on commit 4bac2d5

Collaborator

@slr slr commented on 4bac2d5 Jul 13, 2017


@miguelfreitas I was not sure about DMs' caching so I did this. I never worked before with twister-crypto-bundle.js so it needs your attention. there's an option to turn this encryption off in the next commit.

first we dump private key and create crypto key object, then we use it to encrypt DM's data cache to store in localStorage and to decrypt too.

@miguelfreitas
Owner


very interesting, i never thought of that use! :-)

but what exactly is the threat model you have in mind? are you aware the dm's are still not encrypted in the filesystem as stored by the daemon itself?

Collaborator

@slr slr commented on 4bac2d5 Jul 14, 2017


it's for ones who may use it from remote machine or something. I don't know. sometimes people go crazy and strange things happen. paranoia mode on.
