If there’s a better part of the forum to post to, please let me know.
I’ve been getting really interested in IPFS, and building a (almost completely) decentralized file sharing platform with end-to-end encryption. I was hoping I could get some feedback, specifically, related to the security of my design.
current build hosted at: using an ec2 as an IPFS node
My design so far is fairly simple. The application uses a user’s ethereum account (which must be injected using a service like Metamask) to identify users. I chose to use the ethereum account for a few reasons. Firstly, it offloads the responsibility of securely storing user’s sensitive data (i.e. passwords), but also for future use cases where a user can apply a smart contract to their files (i.e. put it behind a paywall, restrict access to specific people, etc).
However, though I would not be storing the user’s password anywhere, in order to asymetrically encrypt files, each user needs to generate a public key and a private key. Let’s call them PUB_USER and PRIV_USER. The public key stored in IPFS, completely unencrypted, and accessible to anyone. However, the storage of the private key is where my concerns lie. Here’s my current solution:
(Sorry for the spacing, ipfs only allows new users to add a single file to a post, and had to merge them at the last minute)
The app has a public key and a private key. say PUB_APP and PRIV_APP, where the PRIV_APP is injected into the app as an environment variable and PUB_APP exists in the app as a variable . There are some obvious security concerns to the way PRIV_APP is injected that I know need to be addressed.
Next, once the user’s keys, PUB_USER and PRIV_USER, are generated, PUB_USER is added to IPFS (should be accessible to anyone), and PRIV_USER is 1) asymetrically encrypted using PRIV_USER and PUB_APP 2) Stored in the browser’s local storage.
Let’s call this encrypted private key PRIV_USER_ENCRYPTED
Later, when the user want’s to asymetrically encrypt a file to send to another user, who has a public key PUB_OTHER_USER, this is achieved by getting PRIV_USER_ENCRYPTED from localstorage, decrypting it with PUB_USER and PRIV_APP, and then using PRIV_USER and PUB_OTHER_USER to encrypt the file. The decryption of the file works in the opposite way.
Apart from the encryption keys being at risk of being exposed, since they’re generated client side, are there any other obvious security concerns with this approach that I might be missing?
Thanks for reading!