Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More info please on ccviewer #34

Open
philrasch opened this issue Sep 30, 2020 · 2 comments
Open

More info please on ccviewer #34

philrasch opened this issue Sep 30, 2020 · 2 comments
Labels
question Further information is requested

Comments

@philrasch
Copy link

I am very interested in ccviewer, but I don't have enough info to decide whether to use it.

Because most cloud providers already have pretty good apps for accessing unencrypted files on an iphone, my usecase is primarily to access encrypted files (encrypted using rclone, cryptomator, encfs, etc) that I have stored on the cloud). These encrypted files hold stuff I am not particularly interested in sharing with cloud providers.

But to be comfortable accessing this data with ccviewer, I want to know the following things:

  1. are you using existing software packages (in the form of compiled codes from publicly available source from rclone, plcloud, etc) that have been embeded into ccviewer, or are you replicating the algorithms found in those packages? I would feel more comfortable knowing that the codes are directly taken from the original authors and updated when bugs are found and fixed by those teams, rather than using some method of translating those codes (by hand or automatically) to another language.

  2. can you describe the mechanisms you are using for storing (or not) the passwords, keys, bucket IDs, necessary to access the encrypted files? I would like to make sure that these pieces of information are handled securely, and I would like to make sure that they are not accessible to other apps. Are the mechanisms used by the original teams being for storing this information being used by ccviewer or have you chosen another approach? Is your approach a common strategy used by iphone apps?

  3. have you considered a security audit?

Thanks for providing us this cool tool. I can't find anything quite like it, so I hope your answers reassure me that it is a good choice for my usecase

Phil
@lithium0003
Copy link
Owner

This app is open source, you can compile it for your own binary.

  1. This app using encryption routine translated to swift by my own. I referenced official documents and source code and translated to swift because iOS software needs this language. So, Cryptomator encryption method changed, this app need to follow it but not yet (Cryptomator vaults not working #31).
    It is one choice that using other binary as is, but is difficult compiling in iOS and combining to my module. This app plan to play video and audio files trans-decrypting on the fly, I decided using encryption code written by swift referenced to original algorithm.

  2. User secret information stored in iOS keychain.
    like this:

    ccViewer/RemoteCloud/RemoteCloud/RemoteStorage.swift

    Line 445 in e149e3f

    func getKeyChain(key: String) -> Data? {

    iOS keychain is secure, I believe.

  3. You can audit my code, it's all open.

The Apple Store version ccViewer is just different in "RemoteCloud/RemoteCloud/Secret.swift".
This file stored app client secrets to access cloud storages, they can't share.

@lithium0003 lithium0003 added the question Further information is requested label Sep 30, 2020
@shural
Copy link
Contributor

shural commented Dec 12, 2020

Could you please be specific about which Cryptomator version your latest release is compatible with?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@philrasch @shural @lithium0003