Reevaluate timing of retrieval of storage key #67
Comments
|
Per #183, also review whether we can persist an encrypted storage key between sessions (e.g. This might require additional specification of when it should be removed from local storage (e.g. when authentication expires). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In generate and store and retrieve, the client needs to retrieve their storage key. Currently, the flows retrieve it at the beginning of the protocol, then use it later.
This is technically fine, but in the implementation, we want to try to bundle cryptographic operations together to reduce exposure of unencrypted keys. The cryptography module does not handle networking or database access, so operations can only be bundled if they aren't interspersed with these calls.
Two possible options to achieve this (there may be others):
retrieve_storage_keywhere they are, but change the function to return the encrypted storage key. Decrypt the key when it is used. E.g. in generate-and-store, add an action before 3.ii to decrypt the storage key.retrieve_storage_keythe same, but call it immediately before use. E.g. in generate-and-store, the first step of 3 should be "callretrieve_storage_key"@marsella is slightly partial to 1, because it reduces the spec changes and simplifies the code blocks: since
retrieve_storage_keyincludes networking, it won't be fully defined in the cryptography module. This means it's not completely simple to bundle the decryption of the storage key in that function with its use in another crypto function. We could probably achieve what we want by doing some slightly fancy type stuff -- passing a follow-up function likeencrypt_secretto theretrieve_storage_keyfunction, so that theStorageKeytype can remain private to the dams crate / crypto module. But it would add some code complexity.Possible concerns:
The text was updated successfully, but these errors were encountered: