Sync server nigori details needed

Viatcheslav Gachkaylo

Sep 16, 2012, 4:02:43 AM
to chromi...@chromium.org
Hello,

Can you tell me which nigori-specific things should be added to the test version of a sync server in Chromium trunk so that data encryption is available?
There's only one nigori-specific piece, which returns an autogenerated master key now. While reading through the nigori specs, I found out that the master key should be calculated from a user's password hash. Are there more things the server should accomplish to support data encryption?
These things are needed for our custom sync server.
We need it to support data encryption as well.

Thank you,
Viatcheslav Gachkaylo
Crystalnix

Tim Steele

Sep 17, 2012, 1:31:43 AM
to vgach...@crystalnix.com, chromi...@chromium.org
Hi, there are actually no Nigori specific things that need to be added server side for sync data encryption. Encryption and decryption are performed client side.

If you want to offer encryption, likely the easiest thing you could do from a technical perspective would be to require use of custom passphrases (see PassphraseType in nigori_specifics.proto) and set encrypt_everything to true. This will mean all datatypes are encrypted with a key derived (using nigori) from a user specified secret, and you won't have to worry about things like key changes due to new user passwords. This will require overriding some sync setup UI though, as Chrome's default mode is not to encrypt all data.

We recently added this key in chromiumsync.py (which I'm guessing is what you're referring to?). It is not yet used and will never be absolutely required for sync encryption to work -- it will not be used if the user opts to use a custom passphrase (and note that soon, the client will encrypt with a custom passphrase if-and-only-if encrypt_everything is also true).

--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
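
Added example, not part of the thread and not Chromium or Nigori code: a sketch of the point made in the reply above, that encryption and decryption happen on the client with a key derived from the user's custom passphrase, while the server only stores opaque blobs. PBKDF2-SHA256, AES-256-GCM, the iteration count, the `OpaqueSyncStore` class and the sample bookmark are assumptions chosen for illustration; the real client's key derivation and cipher are whatever Chromium's Nigori implementation defines.

```javascript
// Added illustration; KDF, cipher, parameters and all names here are assumptions.
const nodeCrypto = require('node:crypto');

// Client: derive a 256-bit key from the user's custom passphrase.
function deriveKey(passphrase, salt) {
  return nodeCrypto.pbkdf2Sync(passphrase, salt, 200000, 32, 'sha256');
}

// Client: encrypt one sync entity; the returned blob is all the server receives.
function encryptEntity(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Client: decrypt a blob fetched from the server; throws on a wrong key or a tampered blob.
function decryptEntity(key, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Server (hypothetical): keeps opaque blobs and a non-secret salt, never a key.
class OpaqueSyncStore {
  constructor() { this.salt = null; this.entities = new Map(); }
  commit(id, blob) { this.entities.set(id, blob); }
  getUpdates() { return [...this.entities]; }
}

// Client A commits, client B (same passphrase) reads, client C (wrong passphrase) fails.
function demo() {
  const server = new OpaqueSyncStore();
  server.salt = nodeCrypto.randomBytes(16).toString('base64');
  const salt = Buffer.from(server.salt, 'base64');
  const bookmark = 'https://example.test/constructed-bookmark'; // constructed sample data
  server.commit('bookmark-1', encryptEntity(deriveKey('correct horse', salt), bookmark));

  const [[, blob]] = server.getUpdates();
  const readByB = decryptEntity(deriveKey('correct horse', salt), blob);
  let wrongKeyRejected = false;
  try { decryptEntity(deriveKey('wrong guess', salt), blob); } catch { wrongKeyRejected = true; }
  const serverSeesPlaintext = Buffer.from(blob, 'base64').includes(Buffer.from(bookmark));
  return { readByB, wrongKeyRejected, serverSeesPlaintext };
}
```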
