Hi, Jorropo, thanks for taking the time to answer.
I’m happy to collaborate on making this a Kubo feature. If it’s not appropriate as a feature, I’ll hack my own copy.
Are there any other places Kubo stores private info besides the config file and keystore?
No it’s not encrypted at rest. The PrivKey field in the
config json file contains the plain text private key.
Yes, with Kubo’s current design, any program with access to the user’s home directory can steal their identity by searching text files.
There is no such feature implemented to encrypt private data.
Bummer. Luckily, I can create!
The first question to implement such feature is with what key is the private key gonna be encrypted with ? Do you expect Kubo to prompt you for a passphrase everytime you start
ipfs daemon ?
No, that’s not my use case, but I see how it could be added to Kubo, and I’d be interested in collaborating to create encryption at rest for all Kubos.
Programs ask for a password to generate a hash. That hash is used as a symmetric encryption key. To be secure, a “salt” is added to the password. This salt prevents “rainbow” attacks. The salt needs to be stored in the clear.
My program’s UI already asks for a password, salts, hashes, and uses the hash to decrypt a sqlite3 database. So I just need to pass the symmetric key.
My first plan was to just send the kubo config as an env var. This can be done by modifying Kubo’s serializer.
This prevents the config from being written to disk, but it’s a broken design because:
- the config file isn’t the only secret data
- ‘ipfs init’ doesn’t understand.
So I need a new design. So far, I have the config file and the Keystore for secrets.
I don’t think the DataStore needs encryption because content is secured in the application layer or unencrypted by design.
If Kubo wanted it’s own first-class encryption-at-rest feature, it might include some use cases like this:
These two use cases aren’t interchangeable, but would cover most use cases.
Super long post! You read this far, what do you think?