Skip to content
This repository was archived by the owner on Apr 13, 2025. It is now read-only.

Commit 57b5739

Browse files
committed
Add note about baselayer security and encryption options to security
considerations
1 parent c4ba8a6 commit 57b5739

File tree

2 files changed

+32
-17
lines changed

2 files changed

+32
-17
lines changed

docs/getting_started/security_considerations.md

Lines changed: 27 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -9,21 +9,38 @@ The first part consist of our security claims and the second part describes how
99
## Security claims
1010

1111
These claims all assume that you use a good strong password and take care of it properly.
12+
Also a secure base layer is assumed here. Security Bugs bugs in node.js/V8, your browser or your operating system are possible and can comprimise your private data in nodecg-io. Possible malware or e.g. keyloggers on your computer may also compromise this security model.
13+
14+
1. No service configuration is accessible to someone with only filesystem access.
1215

13-
1. No service configuration is accessible to someone with only filesystem access.
1416
- A exception to this is a nodecg-io install with automatic login as the password is stored in plain text.
15-
2. No bundle will be able to access your plain text password.
16-
3. All loaded bundles may change nodecg-io settings like deleting instances
17-
4. All loaded bundles may access all your configurations and passwords.
17+
18+
2. No bundle will be able to access your plain text password.
19+
3. All loaded bundles may change nodecg-io settings like deleting instances
20+
4. All loaded bundles may access all your configurations and passwords.
21+
1822
- It is highly recommended to only use bundles you trust!
19-
5. Anyone intercepting network traffic between the NodeCG instance and browser with a logged in dashboard can access all configuration and passwords.
23+
24+
5. Anyone intercepting network traffic between the NodeCG instance and browser with a logged in dashboard can access all configuration and passwords.
25+
2026
- It is highly recommended to configure NodeCG to use HTTPS when using untrusted networks (e.g. the internet, open wifi if your NodeCG port is not firewalled)
2127

2228
## Implementation
2329

24-
1. The configuration is stored encrypted only in a NodeCG replicant. If someone reads the persistent value of the replicant from the filesystem the configuration cannot be read because it is encrypted using your chosen password.
25-
2. When you enter your password inside the dashboard it is used to derive a encryption key using argon2id. Only this encryption key is ever transmitted and leaves the browser tab. Therefore other bundles can listen to the communication but it only contains the derived encryption key, not your plain text password.
26-
3. Bundles can listen to the login message from the dashboard to get the encryption key. This can be used to send authenticate messages to the nodecg-io-core bundle to add/delete instances, change service instance assignments and do everything that is possible in the dashboard.
27-
4. As mentionted in 3 all bundles can get the encryption key. The encrypted configuration is stored in a replicant which can be accessed by all bundles as well. Using these two any bundle could decrypt the configuration and have access to it.
28-
5. Same as in 3, everyone intercepting network traffic can intercept the encryption key that gets send to the core using NodeCG messages.
30+
1. The configuration is stored encrypted only in a NodeCG replicant. If someone reads the persistent value of the replicant from the filesystem the configuration cannot be read because it is encrypted using your chosen password.
31+
32+
- AES Options:
33+
- Bit length: 256 bits
34+
- AES block cipher mode: CBC
35+
- Padding scheme: PKCS7
36+
37+
2. When you enter your password inside the dashboard it is used to derive a encryption key using argon2id. Only this encryption key is ever transmitted and leaves the browser tab. Therefore other bundles can listen to the communication but it only contains the derived encryption key, not your plain text password.
38+
39+
- Argon2id options:
40+
- Memory size: 37 MiB
41+
- Iteration count: 2
42+
- Parallelism: 1
2943

44+
3. Bundles can listen to the login message from the dashboard to get the encryption key. This can be used to send authenticate messages to the nodecg-io-core bundle to add/delete instances, change service instance assignments and do everything that is possible in the dashboard.
45+
4. As mentionted in 3 all bundles can get the encryption key. The encrypted configuration is stored in a replicant which can be accessed by all bundles as well. Using these two any bundle could decrypt the configuration and have access to it.
46+
5. Same as in 3, everyone intercepting network traffic can intercept the encryption key that gets send to the core using NodeCG messages.

docs/getting_started/use_replicants.md

Lines changed: 5 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ TODO: explain for what replicants are useful
99

1010
Current list of services with replicant support:
1111

12-
- StreamElements
12+
- StreamElements
1313

1414
(more services with replicants will hopefully be added in the future)
1515

@@ -56,11 +56,11 @@ Here's an example for the StreamElements service (replace the name with the serv
5656

5757
...
5858

59-
streamElements?.onAvailable((client) => {
59+
streamElements?.onAvailable((client) => {
6060
...
61-
// Connect your replicant to this nodecg-io service instance.
62-
client.setupReplicant(streamElementsReplicant);
63-
});
61+
// Connect your replicant to this nodecg-io service instance.
62+
client.setupReplicant(streamElementsReplicant);
63+
});
6464
}
6565

6666
```
@@ -72,5 +72,3 @@ In case you want to use the created replicant in your bundles extension you alre
7272
You can access the NodeCG replicant as usual. Use `replicant.value` to get the current state and `replicant.on("change", (newValue, oldValue) => { /* .... */ })` to be informed when the value of the replicant changes.
7373

7474
To figure out what properties are available on the object value you can either look at the corresponding sample bundle or use autocomplete in your editor if you're using TypeScript.
75-
76-

0 commit comments

Comments
 (0)