I noticed running locally on Umbrel that Enclosed was unusable since Umbrel runs through HTTP. Added an optional client-side encryption before any data is transmitted. In case:
You need to run on HTTP pages (not just HTTPS)
You want to ensure encryption happens locally before data transmission
You're running on devices without AES hardware acceleration
You need a backup encryption algorithm for environments where AES might be compromised
The implementation includes:
Node.js and web implementations of ChaCha20-Poly1305
A configuration system for selecting the preferred encryption algorithm
A user interface in the Settings page for changing the encryption algorithm
Documentation and tests
Users can now choose between AES-256-GCM (default) and ChaCha20-Poly1305 through the Settings UI, environment variables, or direct API usage. This provides better security options for self-hosted instances and environments without HTTPS, as well as better performance on devices without AES hardware acceleration.
ChaCha20-Poly1305 is particularly useful in the following scenarios:
HTTP Environments: When you need to run Enclosed on a non-HTTPS server but still want strong encryption.
Mobile Devices: On devices without AES hardware acceleration, ChaCha20-Poly1305 can be significantly faster.
Older Computers: On hardware lacking AES-NI instructions, ChaCha20-Poly1305 often performs better.
Backup Encryption: As a fallback in case of vulnerabilities discovered in AES-GCM.
The encryption happens locally in your browser or application before any data is transmitted, so even if someone intercepts the data (which is possible with HTTP), they still can't decrypt it without the key.
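The selectable-AEAD idea described above, sketched as an added example for Node.js; it is not code from this pull request or from Enclosed. The envelope layout and the names `encryptNote`, `decryptNote` and `SUPPORTED` are assumptions made for illustration, and the algorithm identifier is bound into the authentication tag as associated data so a swapped header is rejected.

```javascript
// Added example, not the project's code. Names and envelope format are hypothetical.
const nodeCrypto = require('node:crypto');

// Algorithm ids accepted in the envelope; both are valid Node.js cipher names.
const SUPPORTED = new Set(['aes-256-gcm', 'chacha20-poly1305']);
const NONCE_LEN = 12; // 96-bit nonce for both AEADs
const TAG_LEN = 16;   // 128-bit authentication tag

function encryptNote(plaintext, key, algorithm = 'aes-256-gcm') {
  if (!SUPPORTED.has(algorithm)) throw new Error(`unsupported algorithm: ${algorithm}`);
  // A fresh random nonce per message; a nonce must never repeat under one key.
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);
  const cipher = nodeCrypto.createCipheriv(algorithm, key, nonce, { authTagLength: TAG_LEN });
  // Authenticate the algorithm id so it cannot be changed in transit.
  cipher.setAAD(Buffer.from(algorithm, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    algorithm,
    nonce: nonce.toString('base64'),
    ciphertext: ciphertext.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

function decryptNote(envelope, key) {
  // Allow-list check before the value reaches the crypto API.
  if (!SUPPORTED.has(envelope.algorithm)) {
    throw new Error(`unsupported algorithm: ${envelope.algorithm}`);
  }
  const nonce = Buffer.from(envelope.nonce, 'base64');
  const decipher = nodeCrypto.createDecipheriv(envelope.algorithm, key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(Buffer.from(envelope.algorithm, 'utf8'));
  decipher.setAuthTag(Buffer.from(envelope.tag, 'base64'));
  // final() throws if the ciphertext, nonce, tag or algorithm id was modified.
  const body = decipher.update(Buffer.from(envelope.ciphertext, 'base64'));
  return Buffer.concat([body, decipher.final()]).toString('utf8');
}

// Constructed demo input: a random 256-bit key and a sample note.
const demoKey = nodeCrypto.randomBytes(32);
const demoEnvelope = encryptNote('constructed sample note', demoKey, 'chacha20-poly1305');
```

The tag check detects modification of the envelope in transit; it does not cover the JavaScript itself, which on an HTTP page is delivered over the same unauthenticated channel.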
It is not recommended to let users choose algorithms; instead, AES+ChaCha20 should be used by default (cascading offers higher security). ChaCha20 should only be used when AES hardware acceleration is not supported.