[Front] Encryption/Decryption for Upload/Download

[its-colby]

• encapsulate all non UI logic so that it can be added to Auto SDK
• allow user to set password, use symmetric cipher for decrypt/encrypt, eg AES

Flow: User sets password, password is saved in local storage (and user saves password to his own password manager). Crypto library is used to derive symmetric key from password, AES is used to encrypt, + MAC tag. Encrypted file sent to backend and treated like any other file. When file downloaded on frontend, frontend will attempt to decrypt with saved password from local storage. If incorrect MAC tag or no saved password, it will prompt user to enter password, then attempt decryption.

For encrypted files, if they are cached on the user's own machine (the client machine), then they will be cached in decrypted form.

The backend should not be aware of any passwords, salted passwords, or distinguish between encrypted and un-encrypted (plaintext) files.

[clostao]

There’s an issue with downloading folders that contain encrypted files. Currently, folders are packaged as ZIP files for download, but the files within an encrypted folder are also downloaded in their encrypted form, which isn’t ideal for user accessibility.

To resolve this, I suggest encrypting the entire ZIP file for folders that require encryption. This way, users receive a single encrypted ZIP file, ensuring that only the folder itself is encrypted, rather than each file individually.