im working on a javascript UI framework for personal projects and im trying to create something like a React-hook that handles "encrypted at rest".
the react-hook is described in more detail here. id like to extend its functionality to have encrypted persistant data. my approach is the following and it would be great if you could follow along and let me know if im doing something wrong. all advice is apprciated.
im using indexedDB to store the data. i created some basic functionality to automatically persist and rehydrate data. im now investigating password-encrypting the data with javascript using the browser cryptography api.
i have a PR here you can test out on codespaces or clone, but tldr: i encrypt before saving and decrypt when loading. this seems to be working as expected. i will also encrypt/decrypt the event listeners im using and this should keep it safe from anything like browser extensions from listening to events.
the password is something the user will have to put in themselves at part of some init() process. i havent created an input for this yet, so its hardcoded. this is then used to encrypt/decrypt the data.
i would persist the unencrypted salt to indexedDB because this is then used to generate the key.
i think i am almost done with this functionality, but id like advice on anything ive overlooked or things too keep-in-mind. id like to make the storage as secure as possible.
thanks for your questions. i have a few links to share i hope will help answer your questions. but i will also try to answer them here. i think there is much to say, but i will try to keep it brief.
How is it hosted? What is the network topology? Which Trent must be trusted?
Has the cryptography been audited? What are the primitives and protocols used? What kinds of guarantees, aside from basic privacy, are actually established?
What happens during a disaster? Am I easy to dox, track, etc.? What bad things happen if somebody takes my phone from me?
here is a previous post i made on the matter: https://www.reddit.com/r/crypto/comments/1fmoykr/secure_and_private_encrypted_p2p_chat_in
i hope this answers your questions. please feel free to ask more questions for clarity. i will do my best to answer them.