Page MenuHomePhabricator

[web-db] generate and persist encryption key on main thread on Safari
ClosedPublic

Authored by kamil on Jun 6 2023, 10:13 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 1, 4:10 AM
Unknown Object (File)
Fri, Nov 1, 3:48 AM
Unknown Object (File)
Fri, Nov 1, 3:48 AM
Unknown Object (File)
Fri, Nov 1, 3:48 AM
Unknown Object (File)
Fri, Nov 1, 3:41 AM
Unknown Object (File)
Oct 14 2024, 7:02 PM
Unknown Object (File)
Sep 29 2024, 5:43 AM
Unknown Object (File)
Sep 29 2024, 5:43 AM
Subscribers

Details

Summary

Generating/reading, persisting, and exporting to JWK encryption key on Safari.
(context)

Depends on D8120

Test Plan

Check in storage if key is properly persisted.

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

kamil held this revision as a draft.
kamil published this revision for review.Jun 7 2023, 1:49 AM
kamil added inline comments.
web/database/sqlite-data-handler.js
31 ↗(On Diff #27488)

this key is deleted as in any other case by the worker on the CLEAR_SENSITIVE_DATA action - there is a task for improving this when eg. something will go wrong with worker (ENG-3610)

web/database/utils/db-utils.js
50 ↗(On Diff #27488)

in this case we care only about desktop safari to avoid running this code on mobile

tomek added inline comments.
web/database/sqlite-data-handler.js
20 ↗(On Diff #27488)

Why the result is optional?

web/database/utils/db-utils.js
50 ↗(On Diff #27488)

Why do we want to avoid this on mobile?

This revision is now accepted and ready to land.Jun 13 2023, 4:27 AM

address review

web/database/sqlite-data-handler.js
20 ↗(On Diff #27488)

we have two options:

  1. Call this function only on desktop safari
  2. Call this function always and return a null result for non desktop safari

and here is option 2, but now I think that this was bad decision, updating this to option 1

web/database/utils/db-utils.js
50 ↗(On Diff #27488)

we do not support database on mobile at all so it's no need for CryptoKey