DynaCrypt: Client-side Encryption via Chrome Plugin

That worked! Thank you!

Great!
I was thinking about alternative icons to denote encrypted items. Which one do you prefer and think people are less likely to use in their Dynalist already?
:key: :closed_lock_with_key: :lock: :lock_with_ink_pen:

I like the first.

Another thing is the whole set password feature. It works but is a bit confusing. Like when it is encrypted, when not, did my password get saved, etc.

Yes that’s fair, I will add UI elements to notify the user about the password being saved.
Also I will add a status element to the Dynalist UI saying ‘Client-side Encryption Enabled’ or similar.

Cool, sounds great!

Also to be clear: The password is never saved in plain text.
I derive a symmetric key from it which is stored securely using a key storage which only allows for encryption & decryption within the page. An attacker could not extract the key even if they could insert malicious JavaScript code into the Dynalist webpage (which is extremely difficult over HTTPS in the first place, but say if you had installed a malicious extension).
Though it could decrypt the documents on the page using the key of course.

@Louis_Kirsch
Tested with success. Here is my input, though I think you might have already captured it in your todo list.

  • password input with confirmation
  • allow password reset/change
  • change bullet shape to indicate encryption status (e.g. from circle to diamond)
  • any change (intentional/accidental deletion or insertion) made to existing encryption code string (while extension is inactive) leads to permanent “:key: Could not decrypt”

Thanks Chiang!

I guess with password change you refer to re-encryption of all data with the new password? This will be tricky to do with the current system – I have to think about how to do this.
What do you mean by password reset?

Same here, sounds great but will need a lot more meddling with the Dynalist code which could turn out to be tricky. Maybe @Shida has ideas how to do this easily.

Yes that’s right and I don’t think I can do anything about this because as you said – the plugin is off. What you can do though if you encounter ‘could not decrypt’ is go into your version history and undo the accidental change.
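
The two behaviours discussed so far, a password-derived key that page script can use but not read, and "Could not decrypt" after any edit to the stored ciphertext, shown with the Web Crypto API. This is an added example, not DynaCrypt's code; PBKDF2, AES-GCM, the iteration count and the function names are assumptions, since the thread does not name the extension's algorithms.

```javascript
// Added illustration, not DynaCrypt's code. PBKDF2-SHA-256 and AES-GCM are
// assumed choices; the thread does not name the algorithms the extension uses.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = webcrypto.subtle;

// Derive an AES key from the password. extractable=false lets script use the
// key for encrypt/decrypt but never read its raw bytes.
async function deriveKey(password, salt) {
  const material = await subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function encryptText(key, text) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh nonce per item
  const ct = await subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(text));
  return { iv, ct: new Uint8Array(ct) };
}

// Returns the plaintext, or null when the GCM tag check fails
// (wrong key, or the stored ciphertext was modified).
async function decryptText(key, iv, ct) {
  try {
    const pt = await subtle.decrypt({ name: "AES-GCM", iv }, key, ct);
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}

async function demo() {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const key = await deriveKey("constructed sample passphrase", salt);

  let exportBlocked = false;
  try { await subtle.exportKey("raw", key); } catch { exportBlocked = true; }

  const { iv, ct } = await encryptText(key, "secret item");
  const roundTrip = await decryptText(key, iv, ct);

  const tampered = Uint8Array.from(ct); // copy, then flip one bit
  tampered[0] ^= 1;
  const tamperedResult = await decryptText(key, iv, tampered);

  return { extractable: key.extractable, exportBlocked, roundTrip, tamperedResult };
}

demo().then(console.log);
```

Non-extractable protects only the key bytes: as noted earlier in the thread, script running in the page can still call decrypt through the key handle.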

Yes. Say I decided to change password to a stronger one, I was hoping the extension performs updating all existing encrypted text prior to password change, to match the latest password.

A good point!

It’s tricky because in order to make it secure I would have to copy all your documents in order to discard the version history. In principle I could do that using the API - but it will be a bit of work.

@CHIANG_E @Steffen I have updated the interface


The little lock icons are a bit hacky right now though (basically using css rules) and I think it might slow down the client too much.
Maybe I can try to dig into the core Dynalist code to make it more efficient, otherwise I might have to remove them again.
EDIT: I think I found a more performant way of doing it.

As usual the update is on GitHub https://github.com/timediv/DynaCrypt/releases/tag/1.1
https://github.com/timediv/DynaCrypt/releases/tag/1.2

I updated, but now I can’t decrypt my lists anymore. The new ones

Yes I had to upgrade the encryption algorithm. I hope this won’t be necessary again but during these initial stages I have to make sure there are no vulnerabilities.
You can use the old version to save your document as opml or copy the data. Then insert it with the new plugin version.

Guess DC1.2 has somewhat solved performance of 1.1.


Anyway, I tested both, with none of the 1.0-1.2 unloaded.
Okay, testing of 1.1 (activated alone): I was required to reenter my password.
Testing of 1.2 (activated alone): Password needed no re-enter. Duplication of encrypted nodes retained the encryption status.

Love the padlocks. Is 1.2 final for pre-release?

Risk assessment: In what circumstances could the encryption be unrecoverable, other than loss of password and “tampered” encrypted nodes (as in my previous reply)?

I think it is quite stable now. There are still a few features missing for convenience, but it certainly is usable already:

  • Automatic initial encryption of all documents (can be done manually by copying documents)
  • Changing the password (automatic decryption + reencryption, again, in principle can be done manually)
  • Using no or a different key for shared documents (one can also disable the plugin while editing those for now)
  • Support for dates in Google Calendar
  • Bookmarks & Document names are unencrypted but I guess that is less of a concern

In principle you could always recover by using an old version of the plugin / running the JS decryption manually on one of your backup files or downloaded opmls. I think there are two modes of inconvenience that could happen:

  • Dynalist changes their code base so radically that it breaks my plugin (I only interface with the networking so this is not too likely) – then I would have to adapt the extension
  • I have to adapt the encryption mechanism because there is a weakness (will make sure to chat with a security expert soon). Right now I don’t provide an auto re-encrypt upgrade process, so if this happens again you have to use the old version, export the files as opml unencrypted, and reupload them with the new version.

@Louis_Kirsch
Appreciate your time and efforts, keep the forum posted please. Also some level of documentation such as a recovery guide at the GitHub (?) would be nice and a life-saver.

That’s a good idea. I might just add a script that takes the encrypted backup files and outputs an unencrypted backup for Dynalist independent recovery.

Yes!

Wish that it could auto download the working Dynalist document (my guess) in multiple opml files at fixed intervals in the background, given that there is no control over when the user will turn off CRX (assuming selective encryption) or even close the browser. File names to have date-time stamps & doc name.

I’m not entirely sure what you are asking for. Can you please clarify?

Dynalist has a backup feature already which you can access in the menu or set up auto backups. These backups will be encrypted (as they are downloads directly from the server) so it would be useful to have an additional option in the extension to decrypt such a backup independent of whether the extension still works for Dynalist (as Dynalist might go down at some point or otherwise make the extension incompatible).

When you export a file to opml within Dynalist (not the backup feature) then you actually get the unencrypted copy that the client has in-memory.

That was functionality I wish you could add to the script in the reply from you earlier:

script that takes the encrypted backup files and outputs an unencrypted backup for Dynalist independent recovery

I need the script to download the “unencrypted backup” (I assumed opml file) at an interval, say every 5 mins.

EDIT:
I guess my request is not valid when “the script” component of DynaCrypt is capable of decrypting the Dynalist routine-backup (local copy downloaded from GDrive/Dropbox; encrypted) in OFFLINE mode.