[web] Introduce `cryptoStore` to replace `primaryIdentityPublicKey` in Redux
ClosedPublic
Actions

Authored by atul on Feb 23 2023, 2:15 PM.

Details

Reviewers

ashoat
tomek
marcin

Commits

rCOMMad4b46f367ab: [web] Introduce `cryptoStore` to replace `primaryIdentityPublicKey` in Redux

Summary

Migrate from having primaryIdentityPublicKey in Redux to having the more flexible cryptoStore which will have both our primary identity keys AND notification identity keys.

Only the primaryIdentityPublicKey is being passed to the keyserver in the login/siwe_auth/register requests... so no behavior should change and this is effectively a "noop."

Depends on D6876

Test Plan

Migration succeeded:

primaryIdentityPublicKey is set correctly in the database:

Diff Detail

Repository

rCOMM Comm

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

atul created this revision.Feb 23 2023, 2:15 PM

atul published this revision for review.Feb 23 2023, 2:16 PM

atul edited the test plan for this revision. (Show Details)

atul added inline comments.

web/root.js
42	Not going to persist `cryptoStore` just yet.

Harbormaster completed remote builds in B16861: Diff 23040.Feb 23 2023, 2:31 PM

atul edited the summary of this revision. (Show Details)Feb 23 2023, 6:56 PM

atul added a parent revision: D6876: [web] Rename `setPrimaryIdentityPublicKey` to `setPrimaryIdentityKeys`.

atul added a child revision: D6878: [web] Dispatch `setNotificationIdentityKeys` in `LoginForm`.

atul added a reviewer: marcin.Feb 24 2023, 2:21 AM

EDIT – never mind, I see this is addressed later in the stack

What happens to the private keys? Figure that should be persisted somehow, but maybe it's handled later in the stack. If it isn't, can you create a task (or diff) and link here before landing?

I think it's pretty important that we make sure we don't lose the private keys... storing the public keys on the keyserver for notifs won't be useful if the clients aren't able to decrypt the notifs as they come in.

In terms of how to store the keys on the web:

Ideal solution: SubtleCrypto with a non-extractable encryption key. We would encrypt the "pickled" result from Olm with the non-extractable encryption key (AES-256, not sure what mode), and then we could store that encrypted blob somewhere like IndexedDB.
What we should probably do now: @kamil is working on an encrypted SQLite store and this will probably just go there. So instead of spinning our own solution now, we could probably just store in redux-persist for now.

This revision is now accepted and ready to land.Feb 24 2023, 8:14 AM