42 lines
1.6 KiB
Markdown
42 lines
1.6 KiB
Markdown
---
|
|
id: TASK-77
|
|
title: 'EncryptID: Optional encrypted VPS backup for client-side data'
|
|
status: To Do
|
|
assignee: []
|
|
created_date: '2026-03-02 20:19'
|
|
labels:
|
|
- encryptid
|
|
- privacy
|
|
- feature
|
|
dependencies: []
|
|
references:
|
|
- src/encryptid/wallet-store.ts
|
|
- src/encryptid/key-derivation.ts
|
|
- src/encryptid/server.ts
|
|
priority: medium
|
|
---
|
|
|
|
## Description
|
|
|
|
<!-- SECTION:DESCRIPTION:BEGIN -->
|
|
Add an EncryptID settings option for users to backup their encrypted client-side data (wallet associations, etc.) to a VPS. Default is client-side only (maximum privacy). Optional backup enables device-loss recovery and cross-device sync.
|
|
|
|
Architecture:
|
|
- Client-side encrypted localStorage is the default (current wallet-store.ts pattern)
|
|
- Settings toggle: "Backup encrypted data to server"
|
|
- When enabled, encrypted blobs (already AES-256-GCM) are synced to the EncryptID server or a user-specified VPS
|
|
- Server stores opaque ciphertext — same zero-knowledge pattern as encrypted_addresses
|
|
- On new device login, user can restore from backup after passkey authentication
|
|
|
|
Consider extending this to all client-side data (wallet associations, preferences) and potentially migrating encrypted_addresses to the same pattern (client-first, optional server backup).
|
|
<!-- SECTION:DESCRIPTION:END -->
|
|
|
|
## Acceptance Criteria
|
|
<!-- AC:BEGIN -->
|
|
- [ ] #1 Settings UI toggle for encrypted backup (default: off)
|
|
- [ ] #2 Encrypted blobs sync to EncryptID server when enabled
|
|
- [ ] #3 Restore flow on new device after passkey auth
|
|
- [ ] #4 Server never sees plaintext — only stores opaque ciphertext + IV
|
|
- [ ] #5 User can optionally specify a custom VPS endpoint for backup
|
|
<!-- AC:END -->
|