Encryption modes #238
Merged
- all data storage functions accept an encryption mode of either 'end-to-end' or 'server-side'
- 'end-to-end' is the default and keeps data e2e encrypted
- 'server-side' sends all data to server encrypted, except it sends the database encryption key in plaintext, which is still encrypted at rest on server
- forgotPassword accepts a parameter to reset password and delete e2e encrypted data without needing access to seed. When this is triggered, client rotates user's seed and keys. All data stored with 'server-side' encryption mode is still accessible after resetting password this way
- safe because client only provides new keys if user signed in with temporary password that deletes their end-to-end encrypted data
- signIn now uses password-based backup from server by default to decrypt seed, and only uses seed saved in local storage when required, i.e. when signing in with temp password. Also overwrites seed in local storage when using the backup on every sign in
- init will correctly return last used username, prompting user to sign in again if incorrect seed saved
- updateUser will update session's username upon rotating keys
- client uses app's encryption mode to set default encryption mode param on database & payment functions
- if end-to-end, user must have access to seed to receive temp password in email by default
- if server-side, default behavior simply sends user's email the temp password to sign back in
- in server-side encryption mode, tested deleteEndToEndEncryptedData param
03e0751 to ed8f715
Admins can now set their apps' encryption mode to either 'end-to-end' (the default), or 'server-side'. The 'end-to-end' encryption mode is the mode all apps that currently exist are set to. The 'server-side' mode is a new mode that allows users who forget their password to reset it and maintain access to their data, without needing access to a previously used device. This is our most requested feature at the moment. Here's what it looks like in the Admin panel:
Additional highlights in this PR

- `encryptionMode`
- `.changePassword` if the user needs to change their password to access database and payments functions in the SDK.
- `deleteEndToEndEncryptedData` to allow users of an app with encryption mode set to 'end-to-end' who forget their password and lose access to their device to regain access to their account. (Enable user to delete all data and create new password #118)
- `encryptionMode` to override an app's default behavior for a database.

Bug fixes

- `lastUsedUsername` when a user's seed stored in browser storage is incorrect, rather than throw ServiceUnavailable.