developers already have sjcl.encrypt(‘password’, ‘data’) and sjcl.decrypt(‘password’, ‘encrypted-data’) available, so that part is already done, i think? unless we choose to compete with sjcl, but i don’t think that’s a priority at this point.
i agree, the place to enter the password should be inside the app, for two reasons:
- putting it in the widget, next to where people put in their storage address, suggests that people should put their storage password in there, it will be very confusing i think
- putting it in the widget suggests that the app has no access to it, and the password is under the control of remotestorage.js. this will not be true though, because an app could easily inspect the DOM
therefore, it is clearer to make it so the user is giving their client-side password to the app, not to the widget.