Add a utility to encrypt and decrypt files in the browser #4064

Open
wants to merge 5 commits into
base: main

@mgwalker (Member) commented Jan 13, 2025

Changes proposed in this pull request:

This PR adds a client-side tool that allows users to select files, enter a password, and download an encrypted copy of that file. Similarly, users can select an encrypted file, enter the password, and download a decrypted copy of it. This tool does not exchange any information with any servers anywhere – it uses the Web Crypto native web API to do all of its cryptography in the browser.

Direct link to the tool in preview

security considerations

tk,tk - Probably want to bounce this off the cloud.gov Pages team and/or AO to ensure that this doesn't violate anything about that system. Since all data resides on the user's computer and is never stored by cgPages, it seems like this should be fine.
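
The flow this PR describes (password in, encrypted file out, all in the browser through Web Crypto), as an added example that is not the PR's code. The algorithms (PBKDF2-SHA-256, AES-256-GCM), the iteration count, the file layout and all function names are assumptions, since the thread does not say what the tool uses.

```javascript
// Added example, not the PR's code. Assumptions: PBKDF2-SHA-256, AES-256-GCM,
// the iteration count, and the salt || iv || ciphertext+tag file layout.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // Node fallback
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16, ITERATIONS = 600000;

// Stretch the password into a non-extractable AES-256-GCM key.
async function deriveKey(password, salt) {
  const material = await webCrypto.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return webCrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// plain: Uint8Array (in a browser: new Uint8Array(await file.arrayBuffer())).
// Salt and IV are freshly random for every file and stored in the clear.
async function encryptBytes(plain, password) {
  const salt = webCrypto.getRandomValues(new Uint8Array(SALT_LEN));
  const iv = webCrypto.getRandomValues(new Uint8Array(IV_LEN));
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(
    await webCrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, plain));
  const out = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  out.set(salt, 0);
  out.set(iv, SALT_LEN);
  out.set(ct, SALT_LEN + IV_LEN);
  return out;
}

// Rejects (GCM tag check fails) on a wrong password or a modified file.
async function decryptBytes(blob, password) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error("file too short");
  const salt = blob.slice(0, SALT_LEN);
  const iv = blob.slice(SALT_LEN, SALT_LEN + IV_LEN);
  const key = await deriveKey(password, salt);
  return new Uint8Array(await webCrypto.subtle.decrypt(
    { name: "AES-GCM", iv }, key, blob.slice(SALT_LEN + IV_LEN)));
}

// Constructed demo input: round trip, wrong password, one flipped bit.
async function demo() {
  const password = "constructed-demo-passphrase";
  const plain = new TextEncoder().encode("constructed sample file contents");
  const blob = await encryptBytes(plain, password);
  const roundTrip = new TextDecoder().decode(await decryptBytes(blob, password));
  const verdict = (p) => p.then(() => "accepted", () => "rejected");
  const wrongPw = await verdict(decryptBytes(blob, "not-the-right-passphrase"));
  blob[blob.length - 1] ^= 1; // tamper with the stored ciphertext
  const tampered = await verdict(decryptBytes(blob, password));
  return { roundTrip, wrongPw, tampered, overhead: blob.length - plain.length };
}
```

Because AES-GCM is authenticated, a wrong password and a modified file both surface as a rejected decrypt rather than as garbage output.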

@mgwalker mgwalker requested a review from a team as a code owner January 13, 2025 21:19
js/crypto/crypto.js (Outdated)
<form>
<label>
Password:
<input id="password" type="text" />
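
Review bot: type="text" on the input with id="password" shows the passphrase on screen and leaves it an ordinary text field that the browser may keep in its form autofill history. Suggest type="password" with an explicit autocomplete attribute (for example autocomplete="new-password"), plus a show/hide toggle if users need to check what they typed.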

Change type to "password" so if someone's demoing this they don't inadvertently display the password?

@mogul (Contributor) commented Jan 14, 2025

To mitigate the possibility of a JS injection attack that grabs the file content and has its way with it, I would want to see the form for a utility like this presented in a page that literally imports no other JS. That's not the case for handbook pages:
[image]

@mgwalker mgwalker force-pushed the mgwalker/encrypt-files branch from 22c099b to 6bc1d18 Compare January 17, 2025 19:40
@mgwalker (Member, Author)

Some intermediate changes in the latest push:

  • the password field is masked by default, but there is a button to toggle the masking
  • there's a new button for creating a random password
  • passwords must be at least 16 characters per NIST recommendations

I'll push up some more stuff later that'll move this tool onto its own page that doesn't import any other JavaScript.

I think there's also some consideration around whether and how we could protect this page from other JS injection attacks. My naive first thoughts:

  • Cloud.gov Pages sets the X-Frame-Options header to SAMEORIGIN which should prevent browsers from embedding the Handbook as a frame in any other sites. The frame sandbox should also prevent sites from accessing data in the frame anyway, but defense in depth...
  • The Handbook is served over TLS, which ostensibly should ensure the integrity of what we deliver to the client, unless there's a TLS-terminating proxy in the middle, which of course nobody would ever actually deploy... 🤦🏻‍♂️
  • The repo requires PR reviews, which isn't an ironclad guarantee, but I think we consider it good enough elsewhere and I don't know why it wouldn't also be good enough here.
