budgie
Anyone built a Phoenix or LiveView app with client-side encryption?
Anyone have success doing this?
- What are you doing for key management on the client side and how does this work together with encrypted fields in Ecto?
- How do you manage keys when it comes to teams or organizations, so that members of the organization can access and modify the data?
Any papers or resources you can point me to would be amazing. There are lots of companies doing this kind of work at the moment, but there’s still not a ton of info published on building privacy-preserving apps in this way.
Most Liked
jstimps
LiveSecret does E2EE with Phoenix/LiveView. The implementation might be able to serve as a basis for a more sophisticated app. Happy to answer any questions.
The key management is essentially:
- Passphrase is generated in the browser
- Secret cleartext is encrypted in the browser
- Ciphertext is sent to the server and stored in the DB
- Passphrase is never sent to the server. The user of LiveSecret decides how to protect the passphrase.
- On the receiving side, LiveView delivers the ciphertext and the receiving user provides the passphrase.
- The decryption happens in the browser.
ruslandoga
![]()
A bit off-topic, but I used GitHub - signalapp/libsignal: Home to the Signal Protocol as well as other cryptographic primitives which make Signal possible. · GitHub for an iOS app a long time ago with Phoenix Channels. The backend part was pretty “dumb” and all it did was store blobs of encrypted messages and move identity keys and prekeys around.
Popular in Discussions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









