Thursday, May 12, 2016

Proposed Client-side Encryption in OmniFocus

Wim Lewis (via Ken Case):

Our main goal is to secure your data against a passive attacker: someone who can read the files on the server, intercept them on the network, look at old backup tapes, etc., but who cannot modify your files on the server. This describes a lot of real-world compromises. The passive attacker should be able to learn very little about your use of OmniFocus. They will, by definition, be able to tell when you’re making changes and syncing them, and they can tell if you’ve added an especially large attachment, for example, because of the increase in traffic. But they should not be able to read the contents of any of your tasks.

[…]

An OmniFocus sync database is a directory full of files which are read and written asynchronously by multiple clients that don’t have other ways to communicate.

An encrypted database has one extra file, the “encryption metadata” or key management file. Your passphrase decrypts this file, which contains one or more file-encryption subkeys, each with an identifying key index.

[…]

TL;DR: PBKDF2-SHA256, AESWRAP, AES128-CTR, HMAC-SHA256.

1 Comment RSS · Twitter


[…] Previously: Proposed Client-side Encryption in OmniFocus. […]

Leave a Comment