-
Notifications
You must be signed in to change notification settings - Fork 525
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use electron safeStorage #3676
Comments
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
Testing
|
safeStorage passes through a Chromium API and that doesn't get initialized until a BrowserWindow gets created: |
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
We decided to not user Chromium APIs because they are coupled to window pretty tightly and we have no control over it |
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
* renames PathUtils.swapFilename to replaceLastComponent * provides a new impl for SecretStorage * uses electron.safeStorage to encrypt the device key that then gets stored in a file in app.getPath('userData')/safe_storage/ * from now on, per-user data is encrypted with a per-user key, even for per-machine installs. #3733 close #3676
Some points to check:
|
MacOS:
Linux (GNOME/Seahorse/libsecret):
Windows:
|
I'm unsure how to test this for flatpak. we can easily make a test build (or several) once it's released, but the build process expects the prebuilt client to be on github. Not sure where to put test builds for it to pick up. maybe attach it to an old release and hardcode the URL? Is there a way to build this locally? |
yeah I'd try just using flatpak builder |
It just works and defaults to gnome-libsecret backend if we just update tutanota to use safeStorage. Still needs libsecret. |
once #3658 lands, we could use the new
safeStorage
API to encrypt the device key and store it in a file.This would offload the device key management to electron and make our direct keytar dependency obsolete.
The text was updated successfully, but these errors were encountered: