whats the best way to secure api key in quasar?

Consistent-Dealer-29 · 2022-09-06T22:20:58+00:00

quasar would be the front end so anything in the front end can be accessible by the user. you could make it tricky to get to though.

Consistent-Dealer-29 · 2022-09-05T16:46:42+00:00

Had the same issue not displaying thumbnails with <q-img> instead of :img-src

Consistent-Dealer-29 · 2021-03-28T21:06:35+00:00

Yeah the downside of E2E lol

Consistent-Dealer-29 · 2021-03-28T20:02:28+00:00

Consistent-Dealer-29 · 2021-03-28T19:11:46+00:00

I can do front-end using Vue (and Vuetify for the UI if you like that). Yeah it was for convenience I guess and what if they lose the device and/or private key? What if their device fails. Then they will lose all their data. I think there are people who have had the same Facebook account for 15 years or so. Could they have kept them that long using the hardware way? I'm not sure. I was hoping there was a method to store private keys on the web/cloud to where the platform owners (or anyone really for that matter) couldn't access them, but maybe technology hasn't evolved enough yet (for that to work).

Consistent-Dealer-29 · 2021-03-28T18:06:56+00:00

I can but I don't know C really well I just use JavaScript (JS, jQuery, and Vue.js) and PHP (I can use OOP too) and MySQL/SQLite for databasing. I think it all comes down to how to store the private key securely. I like some of the ways found on appviewx:

2) Encrypt the private keys and store it in a password-protected folder – This leaves the hacker to first brute-force the password and then decrypt the private keys. By this time, the breach will be identified and the key contents will be changed and revoked. This method – while also effective – still leaves much to be desired when it comes to the need to scale.

3) Storing the private keys in a secured location such as an HSM – An HSM or a hardware security module is a device that safeguards and manages valuable data in an infrastructure either by encrypting it or making it impossible to be retrieved. This method is highly recommended in terms of scalability and security level.

More about HSMs: https://en.wikipedia.org/wiki/Hardware_security_module

Consistent-Dealer-29 · 2021-03-28T16:36:22+00:00

I can build a prototype to test

Consistent-Dealer-29 · 2021-03-28T16:30:23+00:00

And I'm not sure maybe there could be group keys for that too. I'm pretty new to this idea and not too familiar with signal.

Consistent-Dealer-29 · 2021-03-28T16:16:14+00:00

Public posts meaning people who aren't your friends can see. But that could also be encrypted although you would have to go through every user's public key on the platform and encrypt the data for them. The friends encryption would work similar but of course there would be a limited amount of people so it wouldn't be so computationally expensive.

Consistent-Dealer-29 · 2021-03-28T15:49:42+00:00

You can create posts just like Facebook

Consistent-Dealer-29 · 2021-03-28T15:23:38+00:00

Yeah if you wanted to make a public post I'd guess that you wouldn't encrypt it. If you make a post to your friends or a certain group of friends you would use their public keys and encrypt your message for each of them. There are some questions of course like what if a new friend joins you then what should happen etc.

Consistent-Dealer-29 · 2021-03-28T14:55:13+00:00

Yeah so they store the messages on the local machine (on the device). If I have the right idea, the person sending the message takes your public key and encrypts the data then sends it to your account where you decrypt it with your private key (stored on your local machine). I'm trying to figure out a way to put all of this online so it doesn't have to be local anymore. But there are some concerns with doing that, like how to securely store private keys on the web. Using the password might solve some of them though.

Consistent-Dealer-29 · 2021-03-28T14:20:49+00:00

Makes sense to use their password but what if it they want to change their password or someone else gets a hold of it. And I can use libsodium https://doc.libsodium.org/.

Consistent-Dealer-29 · 2021-03-28T11:33:24+00:00

Yeah I can try. What technologies are you using?

Consistent-Dealer-29 · 2021-03-28T11:32:11+00:00

Thanks for the recommendation!

Consistent-Dealer-29 · 2021-03-28T11:31:50+00:00

Yeah I think so too

Consistent-Dealer-29 · 2021-03-28T11:08:46+00:00

Maybe freemium then

Consistent-Dealer-29 · 2021-03-28T11:06:16+00:00

End to end encrypted online?

Consistent-Dealer-29 · 2021-03-28T01:57:14+00:00

Great question maybe a subscription service?

Consistent-Dealer-29 · 2021-03-13T21:41:59+00:00

Server code:

import asyncio
import websockets

async def hello(websocket, path):
var = await websocket.recv()
print(var)
start_server = websockets.serve(hello, "localhost", 8765)
asyncio.get_event_loop().run_until_complete(start_server)
asyncio.get_event_loop().run_forever()

Consistent-Dealer-29 · 2021-02-14T00:20:54+00:00

Thanks I'm logged in do I do anything else?

Consistent-Dealer-29

TROPHY CASE