planetary-ios icon indicating copy to clipboard operation
planetary-ios copied to clipboard

Published 20 hours ago verified publisher icon planetary-social

Design for Private Key Backup: Revive options for backup of identity keys and make backup on by default

Open rabble opened this issue 2 years ago • 6 comments

See also #285

rabble avatar Jan 03 '22 19:01 rabble

I did some research today and here's what I've found:

  • I can't find any code or commits that actually back up a user's secret key to iCloud. There is an onboarding step that asks the user about backing up to iCloud and records their preference, but the preference doesn't appear to be read.
  • It looks like we are saving the user's secret key in the keychain with the accessibleAfterFirstUnlock. This means it will be saved in encrypted backups (backups to a Mac) but not iCloud backups.

We have to decide what sort of user experience we want here. Here are some options that I see:

  1. We could follow the lead of other cypher/crypto apps and put the responsibility on the user to back up their key. This is usually in the form of an onboarding step that forces the user to copy the key (or a recovery phrase) before moving on. Manyverse does this.
  2. We could change the keychain attributes so that the secret is stored in iCloud Keychain. This has two problems: 1) we can't tell if the user has iCloud Keychain toggled on or not, and 2) we would need to build UI to warn about forks. Because iCloud Keychain is synced across all devices a fork could occur if the user set up Planetary on a new device and then posted from the old device. There is no foolproof way to verify that the user has deleted Planetary on the old device.
  3. We could offer to store the user's private key on a Planetary server. This gives Planetary full control over the user's identity and breaks a lot of the promises SSB makes to users 👎 . Moreover to recover their key from our servers we would need to authenticate them somehow, which makes this no better than the first option.
  4. The pie in the sky option: someday we should allow the user to back up their key to their friends' devices using Shamir's Secret Sharing.

I lean towards #1 for the short term. #4 would be great to do someday. Thoughts? @rabble @martindsq @Chardot

mplorentz avatar Jan 11 '22 21:01 mplorentz

(Looks like we already have a ticket for mnemonic keys aka recovery phrases to match Manyverse here: #224)

mplorentz avatar Jan 12 '22 15:01 mplorentz

It seems that the easiest approach for now is to implement option 1, and anything else we could do in the future will be in addition to this. I'll start wireframing a UI for it 👍

Chardot avatar Jan 14 '22 16:01 Chardot

My understanding is that we did build some features around forked feeds where if you install an app and have no content but an existing feed then it looks at pubs for sequence numbers and won't let you write until you've got it synced. That code might have broken or been disabled but i'm pretty sure it existed.

rabble avatar Jan 14 '22 17:01 rabble

Manyverse has a private key to words system which we need to investigate and support.

rabble avatar May 10 '22 21:05 rabble

@boreq wrote: https://github.com/boreq/friendlyhash

rabble avatar May 10 '22 21:05 rabble