The crypto vault is using dirs directly in my homedir, please follow the XDG spec and use the ~/.config and ~/.local dirs (absent the XDG_DATA_HOME env var). Specifically, I suggest storing the encrypted faults in $XDG_DATA_HOME/Vaults/ which for most people means; $HOME/.local/share/Vaults/ Thanks!
Strongly agree. I hate it when apps dump things right in ~, even when they're hidden.
Cryptodude, would you like to submit a patch for this on phabricator.kde.org? If you've never done it before, I can help guide you through the process.
(In reply to Nate Graham from comment #1) > Strongly agree. I hate it when apps dump things right in ~, even when > they're hidden. Personally I'd like to see the ability to specify a location other than the default, even if it was only via a manual edit of a *rc file.
You can choose the exact location for both the encrypted data and the mount point for each of the vaults you create. I would +1 a patch which allows configuring the default prefix for both. I would not approve a patch that changes the location to XDG_DATA_HOME as this is not application data - this is user data.
(In reply to Ivan Čukić from comment #4) > You can choose the exact location for both the encrypted data and the mount > point for each of the vaults you create. Yes, I was aware of that. That is currently what I'm doing :) > I would +1 a patch which allows configuring the default prefix for both. The ability to specify the default location would be very welcome.
Patch available: https://phabricator.kde.org/D8469 It just uses the XDG_DATA_DIR to calculate the default directory for the encrypted data. The stuff the user actually interacts with is still set at ~/Vaults/[name] And these are just suggestions, defaults.
> I would not approve a patch that changes the location to XDG_DATA_HOME as this is not application data - this is user data. The XDG_DATA_DIR is specified as; "the base directory relative to which user specific data files should be stored" User data, in other words.
If I'm reading your patch correctly... When using encfs you are now enforcing the location of the encrypted data. >Only when the user picks EncFS we then continue to not allow the user to >pick his 'device' directory where the encrypted files would go, just store >this on the XDG_DATA_DIR which is defined as Whilst that may be *your* ideal, and I don't doubt the security issues underlying it. The user now has *no* choice. I can't agree with that. I apologise in advance if I've misread your patch.
I think the user does have a choice: use CryFS instead, and then the location can be safely specified, no?
> I think the user does have a choice: use CryFS instead, and then the location can be safely specified, no? Nate has it right, since CryFS doesn't have the security issues there are no restrictions on it at all. Removing the choice for EncFS makes sense because security isn't optional.
Go for it guys :)
(In reply to Nate Graham from comment #9) > use CryFS instead Isn't that removing user choice also... The flaws with encfs are known, CryFS is not mature and an unknown quantity at this point. (Yes, I am aware of https://www.cryfs.org/cryfs_mathesis.pdf )
> Isn't that removing user choice Yes, you don't allow your user to pick an option that is _known_ to put them at risk.
As I said, go for it guys. :) It's all now rather moot as far as I'm concerned. My data, my choice, my risk assessment. Vault is not an application that I foresee myself using.
That's just fine! Vault isn't targeting users like you, who are likely to be able to easily roll your own solution that perfectly fits your needs (I did the same before Vault came along).
Git commit 07311c73b5dd1f552ecff29eeb1bc212e75329a9 by Ivan Čukić, on behalf of Kees vd Broek. Committed on 29/10/2017 at 09:13. Pushed by ivan into branch 'master'. Use XDG_DATA_HOME and security fix Summary: The EncFS has security issues when the encrypted files are shared in the open. For instance on a usb-pendrive or a shared drive. Only when the user picks EncFS we then continue to not allow the user to pick his 'device' directory where the encrypted files would go, just store this on the XDG_DATA_HOME which is defined as; the base directory relative to which user specific data files should be stored Users can continue picking their datadir just fine when they pick the CryFS and other future backends. Reviewers: ivan, #plasma Reviewed By: ivan, #plasma Subscribers: plasma-devel Tags: #plasma Differential Revision: https://phabricator.kde.org/D8469 M +28 -21 kded/ui/directorypairchooserwidget.cpp M +3 -5 kded/ui/directorypairchooserwidget.h M +2 -2 kded/ui/vaultcreationwizard.cpp https://commits.kde.org/plasma-vault/07311c73b5dd1f552ecff29eeb1bc212e75329a9