Zero access encryption and LiveView?

Would LiveView be considerable for a use case where one wants the users of a service to control their own data by the use of client side encryption (like Proton)?

If so, is there an obvious point in the framework where one could hijack the (magic) parts of LiveView to perform encryption and decryption?

Also, is there anyone else who also is super excited about this?! :raising_hand_man:t3::clap:t2:

Kind regards,
Your friendly entry level LV enthusiast

1 Like

kind of related: Transparent Column Encryption with Postgres.

That’s like Cloak.Ecto — cloak_ecto v1.2.0 right?

I’m thinking that one would like to do that in addition to client side encryption and decryption. The use case I have in mind is one where you really want to make sure that the stored data doesn’t leak. And if it does leak, you really don’t want it to be en masse.

ha! i was not aware of this one; TIL

i am not sure about it. i guess it depends on your threat model.
if you do all of the cryptography-related stuff in the browser, client-side, you might not have a reason to do it server-side.

i shared a link as a curiosity - it’s kind of opposite of what you are asking about. :slight_smile:
HOWEVER, turns out Postgres can run in the browser :joy:

1 Like

Wow, browsers these days! :muscle:t2:

Yes, this is an area of application where you as a service provider want close to zero access to the data and also as many layers of security as possible :disguised_face:

I’m looking at OpenPGP.js. It just happens to be maintained by Proton.

Obviously, doing client-side encryption and decryption will be a Major Headache :saluting_face: But it will be worth it.

1 Like

I’ve been thinking along these lines too. You probably don’t need to hijack LV, but simply use a hook to decrypt the contents of an element after it’s mounted or updated (or maybe using beforeUpdate).

1 Like
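
The hook approach suggested above, as an added example that is not part of the thread or of LiveView's own code. It assumes WebCrypto AES-GCM rather than OpenPGP.js and a hypothetical `data-ciphertext` attribute holding base64(iv || ciphertext); `Decrypt`, `setUserKey`, `encryptField`, `decryptField` and `renderDecrypted` are made-up names.

```javascript
// Added example. Decrypt, setUserKey, encryptField, decryptField, renderDecrypted
// and the data-ciphertext attribute are hypothetical names, not LiveView API.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // Node fallback
const b64ToBytes = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));
const bytesToB64 = (b) => btoa(String.fromCharCode(...b));

// The key lives only in browser memory and is never pushed over the socket.
let userKey = null;
function setUserKey(key) { userKey = key; }

// Encrypt before sending to the server: base64(iv || ciphertext + GCM tag).
async function encryptField(plaintext) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh IV per message
  const ct = new Uint8Array(await webcrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, userKey, new TextEncoder().encode(plaintext)));
  const out = new Uint8Array(iv.length + ct.length);
  out.set(iv);
  out.set(ct, iv.length);
  return bytesToB64(out);
}

async function decryptField(b64) {
  const raw = b64ToBytes(b64);
  const pt = await webcrypto.subtle.decrypt(
    { name: "AES-GCM", iv: raw.slice(0, 12) }, userKey, raw.slice(12));
  return new TextDecoder().decode(pt);
}

async function renderDecrypted(el) {
  try {
    // textContent, not innerHTML: decrypted data is still untrusted input.
    el.textContent = await decryptField(el.dataset.ciphertext);
  } catch (_err) {
    // Wrong key, or the stored ciphertext was modified (GCM tag mismatch).
    el.textContent = "[unable to decrypt]";
  }
}

// Hook for <span id="..." phx-hook="Decrypt" data-ciphertext="...">.
const Decrypt = {
  mounted() { return renderDecrypted(this.el); },
  // After a server patch the element may hold only server-rendered content again.
  updated() { return renderDecrypted(this.el); },
};
```

The hook is registered through the `hooks` option of `LiveSocket`, and the server only ever stores and renders the base64 ciphertext.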

Keyword being “simply” there :see_no_evil:

Thank you for your input :pray:

I’ll post a link to a repo of a proof of concept if I manage to get something together.

1 Like

Thanks @derpycoder, that work by @jstimps is really neat :ok_hand:t2: The repo has a lot of goodies in it that I realise could provide some useful insights in my own efforts.

I for one however wouldn’t be able to manage the subtle encryption API properly. Not that it matters too much since we are talking about an MVP that would receive a prompt “shift left” by security specialists if it “takes off” to any degree.

Again, thanks!