I wanna encrypt all user data and store the encrypted data to stable memory so that users can be confident that the data is only visible to the user who owns said data. Does anyone have an example that they can link me to where this encryption is achieved?
1 Like
I think at the moment you can either:
- Encrypt the data before it reaches the IC so that the key isn’t at risk of being compromised (e.g. by a node provider)
  - IC Vault does this in the browser
- Encrypt the data in a canister, with the above caveat about exposing the keys
  - Perhaps using something like `make_rng` from `ic-auth-tokens` along with a pure Rust cryptography crate
- Wait for Threshold Key Derivation - Privacy on the IC
8 Likes
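The first option above (encrypt before the data reaches the IC), sketched with WebCrypto as an added example; it is not code from this thread or from IC Vault. It assumes the key is derived from a passphrase that stays on the client; the function names and the owner id string are hypothetical, and the actual canister upload call is left out.

```javascript
// Added example: the canister only ever receives the opaque blob returned by sealForCanister.
// Browsers expose WebCrypto as globalThis.crypto; the fallback covers older Node.js.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const enc = new TextEncoder();
const PBKDF2_ITERATIONS = 600000;

// Derive a non-extractable 256-bit AES-GCM key from a secret that never leaves the client.
async function deriveKey(passphrase, salt) {
  const material = await webCrypto.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return webCrypto.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-256" },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Returns salt(16) || iv(12) || ciphertext+tag. ownerId (hypothetical, e.g. the
// caller's principal text) is bound as associated data, not stored in the blob.
async function sealForCanister(passphrase, plaintext, ownerId) {
  const salt = webCrypto.getRandomValues(new Uint8Array(16));
  const iv = webCrypto.getRandomValues(new Uint8Array(12)); // fresh for every record
  const key = await deriveKey(passphrase, salt);
  const ct = new Uint8Array(await webCrypto.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(ownerId) },
    key, enc.encode(plaintext)));
  const blob = new Uint8Array(28 + ct.length);
  blob.set(salt, 0);
  blob.set(iv, 16);
  blob.set(ct, 28);
  return blob;
}

// Rejects on a wrong passphrase, a modified blob, or a blob returned
// under a different owner id than the one it was sealed for.
async function openFromCanister(passphrase, blob, ownerId) {
  const salt = blob.slice(0, 16), iv = blob.slice(16, 28), ct = blob.slice(28);
  const key = await deriveKey(passphrase, salt);
  const pt = await webCrypto.subtle.decrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(ownerId) }, key, ct);
  return new TextDecoder().decode(pt);
}
```

Because AES-GCM authenticates the blob, the client also detects a canister or node that returns altered data or another user's record.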
Option 2 clearly isn’t secure, for the reason you state under 1: any node can see both the unencrypted data sent in and the key.
1 Like
Option 3 it is! Thanks @paulyoung