Added Optional Local Encryption (chacha20) by 18c83fd3-25ea-4ed9-8205-2abeff9b3883 · Pull Request #430 · CorentinTh/enclosed · GitHub

Added Optional Local Encryption (chacha20) #430

Open
wants to merge 6 commits into
base: main
18c83fd3-25ea-4ed9-8205-2abeff9b3883

I noticed running locally on umbrel that enclosed was unusable since umbrel runs through HTTP. Added an optional client-side encryption before any data is transmitted. In case:

  • You need to run on HTTP pages (not just HTTPS)
  • You want to ensure encryption happens locally before data transmission
  • You're running on devices without AES hardware acceleration
  • You need a backup encryption algorithm for environments where AES might be compromised

The implementation includes:

  • Node.js and web implementations of ChaCha20-Poly1305
  • A configuration system for selecting the preferred encryption algorithm
  • A user interface in the Settings page for changing the encryption algorithm
  • Documentation and tests

Users can now choose between AES-256-GCM (default) and ChaCha20-Poly1305 through the Settings UI, environment variables, or direct API usage. This provides better security options for self-hosted instances and environments without HTTPS, as well as better performance on devices without AES hardware acceleration.

@18c83fd3-25ea-4ed9-8205-2abeff9b3883

Encryption Setup Methods for Enclosed

Method 1: Using the Settings UI (Easiest for End Users)

Access the Settings Page

  1. Open the Enclosed application in your browser.
  2. Click on the menu icon (three dots) in the top-right corner of the navigation bar.
  3. Select "Settings" from the dropdown menu.

Change Encryption Algorithm

  1. In the Settings page, locate the "Security Settings" section.
  2. Find the "Encryption Algorithm" dropdown.
  3. Select "ChaCha20-Poly1305 (HTTP Compatible)" from the dropdown.
  4. The change is automatically saved and takes effect immediately.

Verification

  • A description will appear below the dropdown explaining that ChaCha20-Poly1305 works on HTTP pages and devices without AES hardware acceleration.
  • All new notes will now use ChaCha20-Poly1305 encryption.

Method 2: Using Environment Variables (For Server Deployments)

If you're running Enclosed on your own server, you can set an environment variable to use ChaCha20-Poly1305 by default.

Set the Environment Variable

For Node.js applications

ENCLOSED_ENCRYPTION_ALGORITHM=chacha20-poly1305 node your-app.js

For Docker deployments

docker run -e ENCLOSED_ENCRYPTION_ALGORITHM=chacha20-poly1305 enclosed/app

In a .env file

ENCLOSED_ENCRYPTION_ALGORITHM=chacha20-poly1305

Verification

  • When you start the application, it will use ChaCha20-Poly1305 as the default encryption algorithm.
  • You can verify this by checking the Settings page, which will show ChaCha20-Poly1305 as selected.

Method 3: Direct API Usage (For Developers)

If you're integrating with Enclosed programmatically:

Import the Crypto API

const { createCryptoApi, CHACHA20_POLY1305 } = require('@enclosed/crypto');

Create a Crypto API Instance with ChaCha20-Poly1305

const cryptoApi = createCryptoApi(CHACHA20_POLY1305);

Use the API for Encryption/Decryption

// Encrypt data
const { encryptBuffer } = cryptoApi.getEncryptionMethod({ 
  encryptionAlgorithm: CHACHA20_POLY1305 
});

const { encryptedString } = await encryptBuffer({ 
  buffer: data, 
  encryptionKey: masterKey 
});

// Decrypt data
const { decryptString } = cryptoApi.getDecryptionMethod({ 
  encryptionAlgorithm: CHACHA20_POLY1305 
});

const { decryptedBuffer } = await decryptString({ 
  encryptedString, 
  encryptionKey: masterKey 
});

When to Use ChaCha20-Poly1305

ChaCha20-Poly1305 is particularly useful in the following scenarios:

  • HTTP Environments: When you need to run Enclosed on a non-HTTPS server but still want strong encryption.
  • Mobile Devices: On devices without AES hardware acceleration, ChaCha20-Poly1305 can be significantly faster.
  • Older Computers: On hardware lacking AES-NI instructions, ChaCha20-Poly1305 often performs better.
  • Backup Encryption: As a fallback in case of vulnerabilities discovered in AES-GCM.

The encryption happens locally in your browser or application before any data is transmitted, so even if someone intercepts the data (which is possible with HTTP), they still can't decrypt it without the key.
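The algorithm selection and authenticated encryption described in Methods 2 and 3, as an added example that is not code from this pull request or from the Enclosed project. It uses Node's built-in `crypto` module rather than `@enclosed/crypto`; the function names, the `aes-256-gcm` setting value and the `<algorithm>:<payload>` layout are assumptions of the example.

```javascript
const crypto = require('node:crypto');

// Allowlist of AEAD ciphers; names follow the two algorithms the PR describes.
const ALGORITHMS = new Set(['aes-256-gcm', 'chacha20-poly1305']);
const NONCE_LEN = 12; // 96-bit nonce for both ciphers
const TAG_LEN = 16; // 128-bit authentication tag

// Resolve the algorithm from an env-style object; unknown values fail closed
// instead of silently falling back to some other cipher.
function resolveAlgorithm(env = process.env) {
  const name = (env.ENCLOSED_ENCRYPTION_ALGORITHM || 'aes-256-gcm').toLowerCase();
  if (!ALGORITHMS.has(name)) throw new Error(`unsupported algorithm: ${name}`);
  return name;
}

// Layout assumed by this example: "<algorithm>:<base64url(nonce | tag | ciphertext)>"
function encrypt(plaintext, key, algorithm) {
  if (!ALGORITHMS.has(algorithm)) throw new Error('unsupported algorithm');
  const nonce = crypto.randomBytes(NONCE_LEN); // never reuse a nonce under one key
  const cipher = crypto.createCipheriv(algorithm, key, nonce, { authTagLength: TAG_LEN });
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const packed = Buffer.concat([nonce, cipher.getAuthTag(), body]);
  return `${algorithm}:${packed.toString('base64url')}`;
}

// The cipher is chosen from the label stored with the payload, so data written
// under either setting still decrypts; the label is checked against the allowlist.
function decrypt(encoded, key) {
  const sep = encoded.indexOf(':');
  const algorithm = sep < 0 ? '' : encoded.slice(0, sep);
  if (!ALGORITHMS.has(algorithm)) throw new Error('unknown algorithm label');
  const raw = Buffer.from(encoded.slice(sep + 1), 'base64url');
  if (raw.length < NONCE_LEN + TAG_LEN) throw new Error('payload too short');
  const nonce = raw.subarray(0, NONCE_LEN);
  const decipher = crypto.createDecipheriv(algorithm, key, nonce, { authTagLength: TAG_LEN });
  decipher.setAuthTag(raw.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN));
  // final() throws if the tag does not verify (wrong key or modified bytes).
  return Buffer.concat([decipher.update(raw.subarray(NONCE_LEN + TAG_LEN)), decipher.final()]);
}

// Constructed sample run.
const key = crypto.randomBytes(32); // both ciphers take a 256-bit key
const sample = encrypt(Buffer.from('constructed note'), key, 'chacha20-poly1305');
console.log(sample.split(':')[0], decrypt(sample, key).toString());
```

The authentication tag protects the ciphertext, not the page that delivers the encryption code: over plain HTTP the script itself can be altered in transit, so local encryption does not replace TLS.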

sonarqubecloud bot commented May 1, 2025
