android encryption simperium

Where are the insert points in Simperium for adding data encryption?


I simply love SimpleNote.

However, I don't like my data being unencrypted on a server somewhere. I understand why that isn't the case by default (especially for SimpleNote), but I would like the option to encrypt my data if I want.

I was thinking of adding (optional/configurable) encryption to the Simperium client libraries on my own forks, but I am having a difficult time finding the insertion points of the encrypt/decrypt routines. The libraries do lots of diffing (beneficial for speed, I'm sure), and I have not been able to find any documentation of the models or flows of data through them.

So, I'm wondering:

  1. Is anyone already working on this problem? (I couldn't find roadmaps on the Simperium or SimpleNote websites.)
  2. Is there any actual documentation of how the code is written (model/relation diagrams or flow charts)?
  3. Where are the best places to insert the crypto? (I was going to start with the Android client.)
  4. What is a "Ghost"?

Solution

  • Hope you're doing more than great!

    1. I'm afraid encryption is not a problem that's currently being worked on by our team.

    2. Although class diagrams aren't really uploaded anywhere, there are several automatic-generation-tools, such as https://www.visual-paradigm.com/solution/freeumltool/, which would dynamically render those for you.

    3. See below!

    4. The way Simperium works is quite interesting. Local database entities keep a copy of the last known remote state in a field which we call Ghost.

      Whenever a local change is performed, the library will calculate the diff between the last known remote state (AKA Ghost), and the local state. This change is enqueued, and sent whenever possible.

      Now, here is where it gets extra tricky. The backend is considered the canonical repository // Master, and the clients actually perform Change Requests. It's up to the backend either to accept or reject the change.

      This is analogous to the way Git works, in some sense. If you attempt to push a local change after the remote branch has diverged, you will get an error, and a rebase / merge will need to take place.

      By design, I'm afraid that Simperium's backend needs to be able to apply the diff posted by the client into its local database. Implementing encryption would require rethinking the way the protocol works, and patching the backend as well.

    If you'd like to further discuss this, please, feel free to mail me directly at jorge.perez (at) automattic -dot- com, or poke me over the WordPress.org Slack. Would be more than happy to walk you through the architecture.

    Thank you for your interest in Simperium / Simplenote!
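
The ghost / change-request flow described in the answer, as an added Python model that is not Simperium's code and is not part of the original answer. `Backend`, `Client`, the integer version counter and `toy_encrypt` are hypothetical names and simplifications; `toy_encrypt` is a constructed stand-in for a randomized cipher, used only to show that a diff over ciphertext degenerates into a near-full rewrite.

```python
import difflib
import hashlib

def make_diff(ghost, local):
    """Edit ops that turn the ghost (last known remote state) into the local state."""
    sm = difflib.SequenceMatcher(None, ghost, local, autojunk=False)
    return [(i1, i2, local[j1:j2])
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]

def apply_diff(base, ops):
    """Backend side: apply the posted ops to the stored value."""
    out, pos = [], 0
    for i1, i2, text in ops:
        out += [base[pos:i1], text]
        pos = i2
    return "".join(out) + base[pos:]

class Backend:
    """Canonical copy: accepts a change request only if made against its current version."""
    def __init__(self, value):
        self.value, self.version = value, 1
    def change_request(self, source_version, ops):
        if source_version != self.version:
            return False              # diverged: the client must rebase/merge first
        self.value = apply_diff(self.value, ops)
        self.version += 1
        return True

class Client:
    def __init__(self, backend):
        self.ghost, self.ghost_version = backend.value, backend.version
        self.local = self.ghost
    def push(self, backend):
        ops = make_diff(self.ghost, self.local)
        if not backend.change_request(self.ghost_version, ops):
            return False
        self.ghost, self.ghost_version = self.local, backend.version
        return True

def toy_encrypt(key, nonce, text):
    """Constructed stand-in for a randomized cipher (not real cryptography)."""
    data = text.encode()
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream)).hex()

def diff_cost(old, new):
    """Characters deleted plus inserted by the diff from old to new."""
    return sum((i2 - i1) + len(text) for i1, i2, text in make_diff(old, new))
```

Comparing `diff_cost` on a plaintext note and its one-character edit against the same pair encrypted under two different nonces shows the gap: the plaintext diff is one character, while the ciphertext diff touches most of the stored value.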