balena-labs-research / secure-store Goto Github PK

I mean adding references to the code functions that provide the following encryptions referred in the text below:

The files and folders are encrypted using [Rclone Crypt](https://github.com/rclone/rclone), which is also open source and available for your own auditing. Under the hood are [different encryption methods](https://rclone.org/crypt/) for different parts of the encryption (e.g. filenames vs files themselves) which utilise among others NaCl SecretBox based on XSalsa20 cipher and Poly1305 for integrity. It's content is encrypted using a randomly generated 1024 bit password which is unique for each device, and stored inside a configuration file. That configuration file is then encrypted with NaCl SecretBox using your own provided key generated from Secure Store and served by Secure Store Server to all your devices.

As with any encryption solution, this is not bullet proof. This project has been developed as a proof of concept designed to significantly increase the level of security of content, but does not make any guarantees.

In case everything is done by RClone Crypt is it possible to point to the functions that call it and make some references to that?

We find the need for this for understanding better the encryption process before applying to devices in our fleet

Thanks in advance!

Hi @Maggie0002 ,

After trying the project I noticed that the encrypted RClone configuration file has no instructions about how to configure it neither of what are the contents of the file previous to the encryption.

Is it possible to get some info on that?

Thanks

When stopping the secure store container the sigterm/sigkill etc will be passed to the secure store process and will terminate without waiting for the child process (the users app) to exit gracefully.

Signal handlers should be added to pass the sigterm commands to the child process to allow graceful exit and to avoid data loss in the users app.