From: Jens Alfke
To: user@couchdb.apache.org
Date: Wed, 9 Nov 2011 13:13:57 -0800
Subject: Re: Handling encryption keys in a disconnected environment

On Nov 9, 2011, at 9:58 AM, Jay Zamboni wrote:

> we want the client application to be able to decrypt data even when it cannot connect to the server. This seems to force us to store the decryption key on the client with the encrypted data. Storing the key locally seriously weakens our security, so we would want to at least encrypt the stored key with the user's password (+salt).

Is this a pure web-app or will it have native components? iOS has APIs for storing secrets like keys in a secure encrypted "keychain". I'm sure Android has a similar feature. (Even if you're going to use a wrapper like PhoneGap to package your app for mobile devices, then that's likely to have JavaScript bindings for those APIs.)

> Encrypt key using session id and store in couch
> As the user goes from page to page we would use the session id to load the encryption key. When the user logs out or the session times out, the session id should not exist anywhere.

I don't know the implementation details of how CouchDB tracks sessions, but if it stores the currently active session IDs on disk, then this won't be secure, as an attacker can look at the server's files and locate both the session key and the server key that was encrypted with it.

—Jens