Skip to content

Encrypting token secrets

Currently Keysmith does not do this, so let's create a 'formal' issue for it.

Should probably tie in with #2 (closed)

Open questions:

Encryption/decryption scheme:

  • What KDF do we use? PBKDF#2, Argon? I.e. how do we turn a user master password for a token/account data file into a key for encryption?
  • What construction do we use for secrets: AES-GCM? AES-CBC + MAC? ChaCha + Poly? How does the chosen scheme hold us against plain text re-use, do we need to worry about nonce re-use? What are the right crypto building blocks to use (QCA) ?
  • Do we decide to encrypt all token parameters and not just the secret itself?
  • Do we store encryption algorithm parameters per-account, globally, or do we assume a specific implementation?

Secret handling in RAM (lifetime of unencrypted data):

  • Do we load tokens, decrypt secrets and then keep decrypted secrets in RAM while using them for generating tokens
  • Or: do we load tokens and then decrypt them on the fly when generating tokens.