How to implement encryption on Baikal/ SabreDAV?


I am trying out Baikal for its CardDAV functionality in order to provide my users with addressbook functionality on iOS.

I have created a desktop application and expect to be able to create a BLOB from this app, with vCard data, and insert it into a MySQL table for Baikal to see it as valid addressbook data. The tricky part is that I want to ask the user for an encryption key to set up their CardDAV account on Baikal. My hope is that I would pass this key to an encryption function in order to encrypt a vCard and store it as a BLOB in Baikal's MySQL database. To retrieve the CardDAV contacts on the user's iOS (iPhone) device, I would somehow ask users to add their key as a parameter to the connection URL of Baikal. Finally, I would use this parameter to decrypt each user's cards. So, if my user's addressbook is at http://myserver/baikal/html/dav.php/user1/default, I would ask them to add the parameter like this: http://myserver/baikal/html/dav.php/user1/default?p=12345678

In that way, only the user would know how to decrypt their data, and Baikal would be safe if it ever fell into a hacker's hands.

Does this make sense? Any idea on where to start?


1 answer

Answer by hnh (accepted answer):

If you put the password into the URL, it will be all over your system logs if the server ever falls into a hacker's hands. You could just use the user's regular password to encrypt; at least that's not usually logged or persisted in other ways on the server.

Real client-side encryption cannot be done with (unmodified) CardDAV clients, because regular Cal/CardDAV clients like the ones in iOS/macOS simply do not support a way to do content-level encryption. The most you can get is TLS for securing the transport.

If you'd still want to go forward, you'd need to modify the server to:

  • treat those stored encrypted vCards as regular vCards (e.g. report proper content types)
  • decrypt them prior to delivery as the user requests them, and encrypt them on arrival when the user changes them
  • do something reasonable with CardDAV queries; probably disabling them would be best

Quite frankly this has only limited value at a high expense over just letting the database or filesystem encrypt the data.

It really depends on the specific security issue you want to address. But if the hacker has access to your server, he also has access to all incoming passwords and can just capture them.

If you want real client-side encryption, you can't use a standard CardDAV client, but would need to write your own. E.g. on iOS/macOS you could have an app which does the encryption locally and updates the user's contacts database.

Implementing encryption properly is really hard; if the data is sensitive, you'd want a pro to audit that.