docs: clarify security semantics of safeStorage (#42673)

* docs: clarify security semantics of safeStorage

Co-authored-by: Samuel Attard <marshallofsound@electronjs.org>

* Apply suggestions from code review

Co-authored-by: Erick Zhao <erick@hotmail.ca>

Co-authored-by: Samuel Attard <sam@electronjs.org>

* Update safe-storage.md

Co-authored-by: Samuel Attard <sam@electronjs.org>

* Update safe-storage.md

Co-authored-by: Samuel Attard <sam@electronjs.org>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Samuel Attard <marshallofsound@electronjs.org>
Co-authored-by: Samuel Attard <sam@electronjs.org>
This commit is contained in:
trop[bot] 2024-06-27 07:52:33 +02:00 committed by GitHub
parent 13be04d0bf
commit f2666baeb7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -4,7 +4,19 @@
Process: [Main](../glossary.md#main-process) Process: [Main](../glossary.md#main-process)
This module protects data stored on disk from being accessed by other applications or users with full disk access. This module adds extra protection to data being stored on disk by using OS-provided cryptography systems. Current
security semantics for each platform are outlined below.
* **macOS**: Encryption keys are stored for your app in [Keychain Access](https://support.apple.com/en-ca/guide/keychain-access/kyca1083/mac) in a way that prevents
other applications from loading them without user override. Therefore, content is protected from other users and other apps running in the same userspace.
* **Windows**: Encryption keys are generated via [DPAPI](https://learn.microsoft.com/en-us/windows/win32/api/dpapi/nf-dpapi-cryptprotectdata).
As per the Windows documentation: "Typically, only a user with the same logon credential as the user who encrypted the data can typically
decrypt the data". Therefore, content is protected from other users on the same machine, but not from other apps running in the
same userspace.
* **Linux**: Encryption keys are generated and stored in a secret store that varies depending on your window manager and system setup. Options currently supported are `kwallet`, `kwallet5`, `kwallet6` and `gnome-libsecret`, but more may be available in future versions of Electron. As such, the
security semantics of content protected via the `safeStorage` API vary between window managers and secret stores.
* Note that not all Linux setups have an available secret store. If no secret store is available, items stored in using the `safeStorage` API will be unprotected
as they are encrypted via hardcoded plaintext password. You can detect when this happens when `safeStorage.getSelectedStorageBackend()` returns `basic_text`.
Note that on Mac, access to the system Keychain is required and Note that on Mac, access to the system Keychain is required and
these calls can block the current thread to collect user input. these calls can block the current thread to collect user input.