Secure storage / password protect

[grrrrr]

• [x] Did you check to see if this issue already exists?
• [x] Is this only a single feature request? Do not put multiple feature requests in one issue.
• [x] Is this a question or discussion? Don't use this, use https://lemmy.ml/c/jerboa

** Describe the feature request below **

Giving the wide range of topics discussed on Lemmy, some of which could get you in trouble in various contries, I would like to suggest a new feature that would allow the data to be stored in an encrypted database with the option to password protect the data.

This could be achieved by using @GuardianProjects SQLcipher.

[MV-GH]

What data are we talking about here? posts comments? Jerboa doesn't store those, atm it doesn't even cache. It only stores your appsettings hardly anything "dangerous".

[twizmwazin]

The main thing I imagine one might be concerned about is their login credentials. However, locking a password behind another password doesn't seem like the best approach. It would probably make more sense to allow users to sign in but have their login credentials/token cleared when the app is closed instead of saved to the database.

[beatgammit]

atm it doesn't even cache

It will once #621 is implemented.

Perhaps we can use Android Keystore to store the encryption secrets. It would be extra cool if we could integrate with password managers if users prefer that (e.g. just mark a field as a password field and the password manager would autofill).

[grrrrr]

@MV-GH I am in a country and do work where risk of phone and computer confiscation is high. I am looking to make it harder to have people access the app and see what I do on it or who I am in the fediverse as some of the information accessed can be quite against the government thought.

[dessalines]

This doesn't store any passwords, but the JWT. But if someone wants to do this I can re-open.