Use Case:
Web application accessed in browser. Registered users can store personal notes in the application, these notes are stored in a SQL database on a online server. The user can store unencrypted notes and encrypted notes. For unencrypted notes the process is trivial, just store the notes in the database. For encrypted notes the storage gets complicated (for me).
Frameworks:
Why should I use these Frameworks? I want that the encryption and decryption of the notes happens only on the client, so that the server has zero knowledge of the notes contents. I researched quite some time and found these libraries, scrypt and tweetnacl libraries are used by threema messanger afaik, so i consider them secure.
Protocol (outline):
Key generation, once per user:
- Use scrypt to derive a key encryption key from a user provided password, which should be different from the account password (the account password is hashed with Argon2 btw).
- Store the scrypt salt in the database
- Generate a NaCL key for note encryption
- Encrypt the NaCL key with AES-KW and the scrypt key encryption key and store it in the database
Encrypting/Decrypting notes:
- Load scrypt salt from database
- Load wrapped NaCL key from database
- Generate key encryption key from password and scrypt salt
- Unwrap NaCL key
- Encrypt note with unwrapped NaCL key and unique nonce
- store ciphertext and nonce in the database
As far as I know there is no secure way to permanently store the NaCL key of the user permanently on the device (browser), because of other users that might use the device or just some javascript code.
Question:
Is it secure to store the users NaCL key encrypted with AES-KW through the scrypt generated key encryption key in the database?
