threadpanic/rustpg
1
0
Fork
You've already forked rustpg
0

feature request: encrypted rustpg.conf and a menu item in tasks to put rustpg.conf in main window for viewing (god knows where it is on windows) #7

Open
opened 2026年05月08日 14:07:34 +02:00 by threadsafety · 1 comment

Three related problems that belong together:

1. App state is scattered across three files. rustpg.conf holds settings, a separate recent file holds the recent-file list, and window size/position is not persisted at all. These should live in one place. Option A: fold everything into rustpg.conf (recent01=... through recent10=; window_w, window_h, window_x, window_y). Option B: keep rustpg.conf for user-visible settings and add rustpg.state for ephemeral runtime state. Either way, the recent sidecar file goes away.

2. App metadata leaks even when key material is encrypted. An attacker with read access to ~/.config/rustpg/ can see the recent-file list (what documents you opened) and the my_id setting (reveals your identity slug, which is a hint about the contents of key_material.rpg). If rustpg.conf were encrypted with the same key as key_material.rpg, this metadata would be protected at the same trust boundary as the keys themselves.

3. App password at startup. A natural extension of point 2: require the master password before the app renders anything (the red passphrase box appears first). On first run it is set and asked twice. A Settings → Change app password menu item replaces the current Change master password item. This unifies key material and app state under one password and ensures nothing is ever written unencrypted, including metadata. The current flow already has the machinery — it is a matter of applying it earlier in startup.

The menu item to view rustpg.conf in the main window (original request) is still wanted regardless of which option is chosen — useful on Windows where the config path is non-obvious.

Three related problems that belong together: **1. App state is scattered across three files.** `rustpg.conf` holds settings, a separate `recent` file holds the recent-file list, and window size/position is not persisted at all. These should live in one place. Option A: fold everything into `rustpg.conf` (`recent01=...` through `recent10=`; `window_w`, `window_h`, `window_x`, `window_y`). Option B: keep `rustpg.conf` for user-visible settings and add `rustpg.state` for ephemeral runtime state. Either way, the `recent` sidecar file goes away. **2. App metadata leaks even when key material is encrypted.** An attacker with read access to `~/.config/rustpg/` can see the recent-file list (what documents you opened) and the `my_id` setting (reveals your identity slug, which is a hint about the contents of `key_material.rpg`). If `rustpg.conf` were encrypted with the same key as `key_material.rpg`, this metadata would be protected at the same trust boundary as the keys themselves. **3. App password at startup.** A natural extension of point 2: require the master password before the app renders anything (the red passphrase box appears first). On first run it is set and asked twice. A `Settings → Change app password` menu item replaces the current `Change master password` item. This unifies key material and app state under one password and ensures nothing is ever written unencrypted, including metadata. The current flow already has the machinery — it is a matter of applying it earlier in startup. The menu item to view `rustpg.conf` in the main window (original request) is still wanted regardless of which option is chosen — useful on Windows where the config path is non-obvious.

This would mean a toggle in settings. 'encrypt rustpg.conf with same key as keyring'. this would mean a special thing happening, after keyring successfully opened, also read the rustpg.rpg config now. this mode would need some theme/settings reset/full app redraw or something after the settings are read after the key struct is read

This would mean a toggle in settings. 'encrypt rustpg.conf with same key as keyring'. this would mean a special thing happening, after keyring successfully opened, also read the rustpg.rpg config now. this mode would need some theme/settings reset/full app redraw or something after the settings are read after the key struct is read
Sign in to join this conversation.
No Branch/Tag specified
main
alpha-0.4.1
alpha-0.4.0
alpha-0.3.3
alpha-0.3.2
alpha-0.3.1
v0.3.1
alpha-1
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
threadpanic/rustpg#7
Reference in a new issue
threadpanic/rustpg
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?