Element-R: Use the "pickleKey" to encrypt the indexeddb crypto store #24967

Closed
richvdh opened this issue Mar 27, 2023 · 0 comments · Fixed by matrix-org/matrix-js-sdk#3732
Labels
A-Element-R Issues affecting the port of Element's crypto layer to Rust T-Enhancement

richvdh commented Mar 27, 2023

Currently we hardcode "test pass" as the encryption passphrase for the IndexedDB data (see https://github.com/matrix-org/matrix-js-sdk/blob/develop/src/rust-crypto/index.ts#L39-L40).

The react-sdk generates an AES key random string and passes it into the js-sdk as pickleKey. We should use that instead.

(The advantage of this is that the random string is itself encrypted with an AES key, which is generated with extractable set to false, which makes it more difficult to steal someone's entire crypto store via an XSS vulnerability or similar.)
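
The mechanism described in the comment above, as an added example that is not part of the original issue or of the react-sdk/js-sdk code: a random pickle key is encrypted under an AES key generated with `extractable` set to false, and `exportKey` is shown to be refused for that key while an extractable one exports. The function names, the 256-bit key size and the choice of AES-GCM are assumptions made for the illustration.

```javascript
// Added illustration; all function names are hypothetical, not react-sdk or js-sdk APIs.
// Browsers expose WebCrypto as globalThis.crypto; the require() is a fallback for older Node.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

// Create a random pickle key and encrypt it under a fresh AES-GCM wrapping key.
async function createWrappedPickleKey(extractable = false) {
    const wrappingKey = await webCrypto.subtle.generateKey(
        { name: "AES-GCM", length: 256 },
        extractable, // false: the raw key bytes can never be exported to script
        ["encrypt", "decrypt"],
    );
    const pickleKey = webCrypto.getRandomValues(new Uint8Array(32));
    const iv = webCrypto.getRandomValues(new Uint8Array(12));
    const ciphertext = new Uint8Array(
        await webCrypto.subtle.encrypt({ name: "AES-GCM", iv }, wrappingKey, pickleKey),
    );
    // In a browser, { wrappingKey, iv, ciphertext } would be persisted in IndexedDB;
    // the CryptoKey is stored as an opaque handle. pickleKey is returned only for the check below.
    return { wrappingKey, iv, ciphertext, pickleKey };
}

// Recover the pickle key; this works only through the CryptoKey handle.
async function unwrapPickleKey({ wrappingKey, iv, ciphertext }) {
    const plain = await webCrypto.subtle.decrypt({ name: "AES-GCM", iv }, wrappingKey, ciphertext);
    return new Uint8Array(plain);
}

// Returns true if the raw key material can be read out, false if exportKey() rejects.
async function canExportRawKey(key) {
    try {
        await webCrypto.subtle.exportKey("raw", key);
        return true;
    } catch {
        return false; // WebCrypto rejects export of a non-extractable key
    }
}

async function demo() {
    const stored = await createWrappedPickleKey(false);
    const weak = await createWrappedPickleKey(true); // contrast: extractable wrapping key
    const recovered = await unwrapPickleKey(stored);
    return {
        roundTrips: recovered.every((b, i) => b === stored.pickleKey[i]),
        nonExtractableExportable: await canExportRawKey(stored.wrappingKey),
        extractableExportable: await canExportRawKey(weak.wrappingKey),
    };
}

demo().then((result) => console.log(result));
```

A non-extractable key can still be used for `decrypt` by script running in the same origin; what the flag prevents is reading out the raw key bytes.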
