From: Jay Zamboni
To: user@couchdb.apache.org
Date: Wed, 9 Nov 2011 16:44:31 -0700
Subject: Re: Handling encryption keys in a disconnected environment

Thanks for the input Jens

<< Is this a pure web-app or will it have native components?

The ideal solution was intended to be a pure web app. We have considered a native/html solution like PhoneGap for other reasons. I suppose this adds more weight in that direction.

< wrote:
>
> On Nov 9, 2011, at 9:58 AM, Jay Zamboni wrote:
>
> > we want the client application to be able to decrypt data
> > even when it cannot connect to the server. This seems to force us to store
> > the decryption key on the client with the encrypted data. Storing the key
> > locally seriously weakens our security so we would want to at least encrypt
> > the stored key with the users password(+salt).
>
> Is this a pure web-app or will it have native components? iOS has APIs for
> storing secrets like keys in a secure encrypted “keychain”. I’m sure
> Android has a similar feature. (Even if you’re going to use a wrapper like
> PhoneGap to package your app for mobile devices, then that’s likely to have
> JavaScript bindings for those APIs.)
>
> > Encrypt key using session id and store in couch
> > As the user goes from page to page we would use the session id to load the
> > encryption key. When the user logs out or the session times out, the
> > session id should not exist anywhere.
>
> I don’t know the implementation details of how CouchDB tracks sessions,
> but if it stores the currently active session IDs on disk, then this won’t
> be secure, as an attacker can look at the server’s files and locate both
> the session key and the server key that was encrypted with it.
>
> —Jens