Feature Proposal - Encrypt local config

[andrew-lis]

Background: Right now the file "KeeAnywhere.Accounts.json" is not protected at all (Windows Control Access is easy to overcome), yet it contains sensitive, unencrypted tokens that allows anyone to access all files on the Remote Drive (Google Drive, Dropbox, etc).

Proposal:

• KeeAnywhere should encrypt the "KeeAnywhere.Accounts.json" file at account creation with a user password (different than the one to the KeePass database)
• require a user password to provide the password at program start.
• There should be a feature flag for that

[gab]

At this point this is starting to resemble a lot the defunct's KeeCloud workflow, which was a lot more secure: 1- Open Keepass Database 2- Credentials for the cloud service are inside the database 3- Sync with cloud database using File -> Synchronize -> Synchronize with URL

It would feel like a better time investment to support this scenario than to implement a parallel encryption system which will inevitably be less mature and less secure than Keepass itself.

[andrew-lis]

It would feel like a better time investment to support this scenario than to implement a parallel encryption system which will inevitably be less mature and less secure than Keepass itself.

You may be right, but the users should be notified when the flow I'd described is used.

[Jackabomb]

Actually, the json Secret field is encrypted. It just might not look like it. Here's where the encryption actually happens; it uses an OS-provided encryption/decryption API, meaning the decryption key for the secret is not stored in accounts.json, keepass.xml, or the plugin.