-
-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement Cross-Platform Sandboxing for Secure Data Storage in Freenet #1154
Comments
Here is a "roll our own" solution that might solve the issue, it's inspired by how Freenet's delegates work. Proposal: Cross-Platform Keyring Utility in RustObjectiveDevelop a cross-platform keyring utility in Rust that securely provides cryptographic keys to a process only if the process binary is digitally signed with a specified cryptographic key. This avoids the need to request user permission for key access. This tool will work out-of-the-box on Windows, macOS, Linux, Android, and iOS without requiring additional hardware. Features
Components
Design1. Keyring LibraryThe core library will provide the following functionality:
Keyring APIpub struct Keyring {
// Opaque type for the keyring
}
impl Keyring {
/// Create a new keyring instance
pub fn new() -> Result<Self, KeyringError>;
/// Store a key in the keyring
pub fn store_key(&self, key_id: &str, key: &[u8]) -> Result<(), KeyringError>;
/// Retrieve a key from the keyring if the calling binary is verified
pub fn retrieve_key(&self, key_id: &str) -> Result<Vec<u8>, KeyringError>;
/// Verify the calling binary's signature
fn verify_binary_signature(&self) -> Result<(), KeyringError>;
} 2. Platform-Specific ModulesEach platform-specific module will implement the Windows
macOS and iOS
Linux
Android
3. Command-Line Interface (CLI)A CLI tool for developers to interact with the keyring, including storing and retrieving keys and verifying the setup. CLI Commands# Initialize the keyring
keyring init
# Store a key
keyring store --key-id my_key --key-file /path/to/key
# Retrieve a key
keyring retrieve --key-id my_key Implementation Steps
Example Code SnippetHere is a simplified example of how the use std::error::Error;
pub struct Keyring;
impl Keyring {
pub fn new() -> Result<Self, Box<dyn Error>> {
// Platform-specific initialization
Ok(Keyring)
}
pub fn store_key(&self, key_id: &str, key: &[u8]) -> Result<(), Box<dyn Error>> {
// Platform-specific key storage implementation
Ok(())
}
pub fn retrieve_key(&self, key_id: &str) -> Result<Vec<u8>, Box<dyn Error>> {
self.verify_binary_signature()?;
// Platform-specific key retrieval implementation
Ok(vec![])
}
fn verify_binary_signature(&self) -> Result<(), Box<dyn Error>> {
// Platform-specific binary signature verification
Ok(())
}
}
fn main() -> Result<(), Box<dyn Error>> {
let keyring = Keyring::new()?;
keyring.store_key("my_key", b"supersecretkey")?;
let key = keyring.retrieve_key("my_key")?;
println!("Retrieved key: {:?}", key);
Ok(())
} ConclusionThis proposal outlines the design and implementation plan for a cross-platform keyring utility in Rust that ensures cryptographic keys are only accessible to processes with verified binaries. By leveraging platform-specific APIs and focusing on security and simplicity, this tool aims to provide a robust solution for secure key management across consumer operating systems. |
To ensure Freenet's delegate mechanism securely stores private data and avoids criticisms similar to those faced by Signal, we need to implement a robust sandboxing solution. This solution should be cross-platform, requiring minimal development effort, and provide consistent protection across Linux, macOS, Windows, iOS, and Android.
Background
Recently, Signal received criticism for storing chat databases in an unprotected area of the file system, making them accessible by any user process. To prevent similar vulnerabilities in Freenet, we need to adopt a sandboxing strategy that ensures private data is stored securely and inaccessible to unauthorized processes.
Requirements
Tasks
Research Sandboxing Solutions:
Select a Sandboxing Solution:
Implement the Selected Solution:
Test and Validate:
Document the Implementation:
Additional Information
By researching and selecting an appropriate sandboxing solution, we aim to enhance the security of Freenet and provide robust protection for private data stored within the delegate mechanism. This approach will help us maintain secure and best-practice data storage across all supported platforms.
References
By following these steps, we aim to enhance the security of Freenet and provide robust protection for private data stored within the delegate mechanism.
The text was updated successfully, but these errors were encountered: