From f8b52a3895e0d093f7d831695b56f236a911fb0f Mon Sep 17 00:00:00 2001 From: Dan Finlay Date: Tue, 11 Oct 2016 15:06:09 -0700 Subject: Add to doc --- docs/multi_vault_planning.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'docs/multi_vault_planning.md') diff --git a/docs/multi_vault_planning.md b/docs/multi_vault_planning.md index dbd98e4a5..fdde2bc50 100644 --- a/docs/multi_vault_planning.md +++ b/docs/multi_vault_planning.md @@ -85,6 +85,12 @@ If we adopt a ReactStore style unidirectional action dispatching data flow, thes - saveAccountLabel() - recoverSeed() +Additional methods, new to this: +- serialize() + - Returns pojo with optional `secret` key whose contents will be encrypted with the users' password and salt when written to disk. + - The isolation of secrets is to preserve performance when decrypting user data. +- deserialize(pojo) + ### KeyChain (ReduxStore?) // attributes @name @@ -99,6 +105,9 @@ If we adopt a ReactStore style unidirectional action dispatching data flow, thes serialize(cb) -> obj deserialize(obj) + dispatch({ type: , value: }) + + ### KeyChainViewState // The serialized, renderable keychain data accountList: [], @@ -173,3 +182,7 @@ KeyChainViewState { } } +## A note on the security of arbitrary action dispatchers + +Since keychains will be dispatching actions that are then passed through the background process to be routed, we should not trust or require them to include their own keychain ID as a prefix to their action, but we should tack it on ourselves, so that no action dispatched by a KeyChainComponent ever reaches any KeyChain other than its own. + -- cgit v1.2.3