@rapropos - Thanks for the reply.
Sorry, this crypto stuff is all quite new to me. I understand the ‘why’ and some of the ‘what’ to use, but I’m not clear how to go about including scrypt (or alternatives) in my Ionic app, or where the various processes happen. (Plenty of recommendations out there for what library or algorithms to use, but less clear info on how).
To clarify what I need to do:
New “secret stuff” is only created in the app, offline.
I need to encrypt (somehow) to store it on the device w/o any access to a server (and even if I had server access, I still wouldn’t be clear on that process …). I need to decrypt it at least on the server, and potentially to view it on the device.
Can you help w/a basic “for dummies” breakdown of what happens where, when & how?
I would use scrypt to create a (symmetric, AES?) key from a password, but where? If created on server (ours is .NET, not Linux btw), the classic problem of how do I get/store the key into the offline app w/o compromising it? Or do I create it in the app & need to store it somehow?
Then what do I use to actually encrypt/decrypt the text content I need to protect, which would use the key from scrypt?
Since AES is symmetric, I shouldn’t store that key with the app, correct?
As you said “ephemerally” … But does that mean I’d need a new key for every use?
In that case I don’t understand how I could decrypt stuff either on device or on the server later w/o keeping a bunch of keys. I don’t follow the basic process.
And presumably I’d need the same key(s) on the server to decrypt content once it’s synced to the remote database? So again how to share/distribute securely?
I see this version of scrypt for npm/JS, which isn’t an ‘official’ release (If there’s a way to run a Linux program from within an Ionic app, I’d love to hear it!). I assume I could install that in my app like any npm module, and use it on-device to create a key from a password … But obviously I have no idea what I’m doing, so …
Sorry for all the follow-up. I don’t know an HMAC from Mac & Cheese, so I could use a bit more basic detail if you have time … Thanks for any further help!!