Skip to content

748/new encryption strategy phase 2 #751

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
klues wants to merge 4 commits into
base: master
Choose a base branch
from
Open

748/new encryption strategy phase 2 #751

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
eb209c1
#748 encrypt newly saved objects using username as salt
klues Jan 30, 2026
2cb80a9
#748 moving to new data model version 7 which uses username as salt f…
klues Jan 30, 2026
a9d1525
#748 adapted tests to reflect new encryption behaviour (username is s…
klues Jan 30, 2026
fb3c3c2
#748 added logs to check which versions are encrypted and decrypted
klues Jan 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions src/js/service/data/convertServiceDb.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -246,6 +246,13 @@ function getModelConversionFunctions(objectModelVersion) {
object.modelVersion = modelUtil.getModelVersionString();
return object;
});
case 6:
filterFns.push(function (object, filterOptions) {
// fn from V6 to V7
// now using username as encryption salt instead of metadata.id
object.modelVersion = modelUtil.getModelVersionString();
return object;
});
}
return filterFns;
}
Expand Down
7 changes: 5 additions & 2 deletions src/js/service/data/encryptionService.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,10 +43,12 @@ encryptionService.encryptObject = function (object) {
let jsonString = JSON.stringify(object);
let shortJsonString = JSON.stringify(dataUtil.removeLongPropertyValues(object));
let shortVersionDifferent = jsonString !== shortJsonString;
encryptedObject.encryptedDataBase64 = encryptionService.encryptString(jsonString, _encryptionSalts[0]);
let salt = localStorageService.getAutologinOrActiveUser();
encryptedObject.encryptedDataBase64 = encryptionService.encryptString(jsonString, salt);
encryptedObject.encryptedDataBase64Short = shortVersionDifferent
? encryptionService.encryptString(shortJsonString, _encryptionSalts[0])
? encryptionService.encryptString(shortJsonString, salt)
: null;
log.warn("encrypted data with version", encryptedObject.modelVersion);
return encryptedObject;
};

Expand Down Expand Up @@ -75,6 +77,7 @@ encryptionService.decryptObjects = function (encryptedObjects, options) {
let decryptedString = null;
let decryptedObject = null;
let salts = _encryptionSalts;
log.warn("decrypt version", encryptedObject.modelVersion);
if (modelUtil.getMajorVersion(encryptedObject) >= constants.MODEL_VERSION_CHANGED_TO_USERNAME_AS_SALT) {
let username = localStorageService.getAutologinOrActiveUser();
salts = [username].concat(_encryptionSalts);
Expand Down
22 changes: 15 additions & 7 deletions src/js/service/data/encryptionService.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
import { encryptionService } from './encryptionService';
import { EncryptedObject } from '../../model/EncryptedObject';
import { dataUtil } from '../../util/dataUtil';
import { localStorageService } from './localStorageService';
import { constants } from '../../util/constants';

jest.mock('../../externals/sjcl');
jest.mock('../../model/EncryptedObject');
Expand All @@ -14,6 +16,7 @@ let MODEL_NAME = 'MODEL_NAME';
let DEFAULT_PASSWORD = 'DEFAULT_PASSWORD';
let DEFAULT_SALT = 'DEFAULT_SALT';
let DEFAULT_ENC_KEY = DEFAULT_SALT + DEFAULT_PASSWORD;
let NEW_ENC_KEY = localStorageService.getAutologinOrActiveUser() + DEFAULT_PASSWORD;

test('encryptionService.encryptObject - Test 0', () => {
let object = { data: 'testdata' };
Expand All @@ -29,7 +32,7 @@ test('encryptionService.encryptObject - Test 1', () => {
encryptionService.setEncryptionProperties(DEFAULT_PASSWORD, DEFAULT_SALT);
let result = encryptionService.encryptObject(object);
expect(result instanceof EncryptedObject).toBeTruthy();
expect(result.encryptedDataBase64).toEqual(DEFAULT_ENC_KEY + json);
expect(result.encryptedDataBase64).toEqual(NEW_ENC_KEY + json);
expect(result.encryptedDataBase64Short).toEqual(null);
});

Expand All @@ -45,7 +48,7 @@ test('encryptionService.encryptObject - Test 2', () => {
id: ID,
_id: ID,
_rev: REV,
encryptedDataBase64: DEFAULT_ENC_KEY + JSON.stringify(object),
encryptedDataBase64: NEW_ENC_KEY + JSON.stringify(object),
encryptedDataBase64Short: null
};
encryptionService.setEncryptionProperties(DEFAULT_PASSWORD, DEFAULT_SALT);
Expand All @@ -62,7 +65,7 @@ test('encryptionService.encryptObject - Test 3', () => {
encryptionService.setEncryptionProperties(encryptionKey, DEFAULT_SALT);
let result = encryptionService.encryptObject(object);
expect(result instanceof EncryptedObject).toBeTruthy();
expect(result.encryptedDataBase64).toEqual(DEFAULT_SALT + encryptionKey + json);
expect(result.encryptedDataBase64).toEqual(localStorageService.getAutologinOrActiveUser() + encryptionKey + json);
expect(result.encryptedDataBase64Short).toEqual(null);
});

Expand All @@ -80,7 +83,7 @@ test('encryptionService.encryptObject - Test 4', () => {
id: ID,
_id: ID,
_rev: REV,
encryptedDataBase64: DEFAULT_SALT + encryptionKey + JSON.stringify(object),
encryptedDataBase64: localStorageService.getAutologinOrActiveUser() + encryptionKey + JSON.stringify(object),
encryptedDataBase64Short: null
};
encryptionService.setEncryptionProperties(encryptionKey, DEFAULT_SALT);
Expand Down Expand Up @@ -109,8 +112,8 @@ test('encryptionService.encryptObject - shortening 1', () => {
id: ID,
_id: ID,
_rev: REV,
encryptedDataBase64: DEFAULT_SALT + encryptionKey + JSON.stringify(object),
encryptedDataBase64Short: DEFAULT_SALT + encryptionKey + JSON.stringify(objectShortened)
encryptedDataBase64: localStorageService.getAutologinOrActiveUser() + encryptionKey + JSON.stringify(object),
encryptedDataBase64Short: localStorageService.getAutologinOrActiveUser() + encryptionKey + JSON.stringify(objectShortened)
};
encryptionService.setEncryptionProperties(encryptionKey, DEFAULT_SALT);
let result = encryptionService.encryptObject(object);
Expand All @@ -120,16 +123,19 @@ test('encryptionService.encryptObject - shortening 1', () => {

test('encryptionService.decryptObject - shortening', () => {
//with password -> real encryption
EncryptedObject.prototype.modelVersion = '{"major": 7, "minor": 0, "patch": 0}'; // newly created instances should have this modelVersion
let encryptionKey = 'mykey';
let object = {
data: getLongData(501),
modelName: MODEL_NAME,
modelVersion: constants.MODEL_VERSION,
id: ID,
_rev: REV
};
let objectShortened = {
data: dataUtil.getDefaultRemovedPlaceholder(),
modelName: MODEL_NAME,
modelVersion: constants.MODEL_VERSION,
id: ID,
_rev: REV
};
Expand All @@ -141,6 +147,7 @@ test('encryptionService.decryptObject - shortening', () => {

test('encryptionService.decryptObject - shortening, no short version', () => {
//with password -> real encryption
EncryptedObject.prototype.modelVersion = '{"major": 7, "minor": 0, "patch": 0}'; // newly created instances should have this modelVersion
let encryptionKey = 'mykey';
let object = {
data: getLongData(10),
Expand All @@ -155,6 +162,7 @@ test('encryptionService.decryptObject - shortening, no short version', () => {

test('encryptionService.encryptObject - shortening 2, below threshold', () => {
//with password -> real encryption
EncryptedObject.prototype.modelVersion = '{"major": 7, "minor": 0, "patch": 0}'; // newly created instances should have this modelVersion
let encryptionKey = 'mykey';
let object = {
data: getLongData(500),
Expand All @@ -167,7 +175,7 @@ test('encryptionService.encryptObject - shortening 2, below threshold', () => {
id: ID,
_id: ID,
_rev: REV,
encryptedDataBase64: DEFAULT_SALT + encryptionKey + JSON.stringify(object),
encryptedDataBase64: localStorageService.getAutologinOrActiveUser() + encryptionKey + JSON.stringify(object),
encryptedDataBase64Short: null
};
encryptionService.setEncryptionProperties(encryptionKey, DEFAULT_SALT);
Expand Down
2 changes: 1 addition & 1 deletion src/js/util/constants.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
let constants = {};

constants.ELEMENT_EVENT_ID = 'ELEMENT_EVENT_ID';
constants.MODEL_VERSION = '{"major": 6, "minor": 0, "patch": 0}';
constants.MODEL_VERSION = '{"major": 7, "minor": 0, "patch": 0}';
constants.MODEL_VERSION_LOCAL = '{"major": 1, "minor": 0, "patch": 0}';
constants.MODEL_VERSION_CHANGED_TO_USERNAME_AS_SALT = 7;

Expand Down