Using vault for generating users' encryption keys

I am creating a notes app and I would really like to protect users' personal data. In my app, I am using the user's password to generate a decryption key that will be used to decrypt his or her data. This way, not even I can peek into their personal, encrypted information. I store the user's encrypted password using flutter_secure_storage for offline use. The downside? If the user forgets his password, he is screwed.

Can I use vault to generate random encryption keys for each user that registers? Maybe adding a trigger when a new user is created. I could also store this key encrypted for offline use. Now the user can redefine his password anytime, but can I or anyone that works with me peek into that information and use it for malicious purposes?

What do you guys think is the best approach?

Thanks.
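
The two ideas in the question (a key derived from the password, and a random key per user) can be combined by wrapping a random data key under the password-derived key. The sketch below is an added example, not code from the post or from any vault product. It uses Node.js's built-in `crypto` module rather than Flutter, and all function names and passwords are hypothetical or constructed.

```javascript
const crypto = require('crypto');

// AES-256-GCM helpers: output layout is iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Key-encryption key derived from the password; the salt is stored beside the wrapped key.
function kek(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Registration: a random data key encrypts the notes; only its wrapped form is stored.
function register(password) {
  const dataKey = crypto.randomBytes(32);
  const salt = crypto.randomBytes(16);
  return { salt, wrappedKey: seal(kek(password, salt), dataKey) };
}
function unlock(record, password) {
  return open(kek(password, record.salt), record.wrappedKey);
}
// Password change: re-wrap the same data key; the notes are not re-encrypted.
function changePassword(record, oldPassword, newPassword) {
  const dataKey = unlock(record, oldPassword);
  const salt = crypto.randomBytes(16);
  return { salt, wrappedKey: seal(kek(newPassword, salt), dataKey) };
}

// Constructed walk-through: write a note, change the password, read the note back.
function demo() {
  let record = register('constructed-password-1');
  const note = seal(unlock(record, 'constructed-password-1'), Buffer.from('my private note'));
  record = changePassword(record, 'constructed-password-1', 'constructed-password-2');
  const readBack = open(unlock(record, 'constructed-password-2'), note).toString();
  let oldStillWorks = true;
  try { unlock(record, 'constructed-password-1'); } catch (e) { oldStillWorks = false; }
  return { readBack, oldStillWorks };
}
console.log(demo());
```

Only `salt` and `wrappedKey` need to be stored, and neither reveals the data key without the password. In this sketch a forgotten password still leaves the data key unrecoverable.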