🔐Source Locker

This page explains the "locker" feature, which stores backups of your source code.

By default, Luarmor does not store the source code. However, if you use the Source Locker feature, you can encrypt the script with a private key and upload it to Luarmor. If you ever lose access to the source code on your PC, you can recover all sources through the locker. The encryption and decryption process runs entirely in your browser, and the server never learns the raw content.

For the cryptographic implementation, refer to the scheme below.

This implementation ensures that the "private RSA key" is only decryptable via the 108-bit master seed, which is shown to the user only once during the setup process and is never stored anywhere in browser storage.

The "108-bit seed" is the input to the key derivation algorithm PBKDF2, run with 100k SHA-256 iterations. "AES" stands for AES-GCM with a 256-bit key length in this context. There is also a seeding mechanism involved, but it has no meaningful effect on the process.

The RSA public key (created during the setup process) is used to encrypt the AES-GCM seed that is responsible for encrypting the actual script data, including:

  • File name

  • File size (how many bytes)

  • Time

  • File Content

Metadata and file content are encrypted in the browser, which means that the server has no way to verify their authenticity. Keep in mind, therefore, that if you share your API key with other people, they can technically manipulate the file name, file content and file size during the upload process, and it will appear "normal" to the server.

The actual implementation is a bit more complicated than this: a "proof" mechanism and a 2FA control mechanism are involved before the actual encrypted file data is served. There is also an on-the-fly key generation step to avoid storing the private key in browser storage. Instead, the browser stores a "temp_key" that decrypts the private RSA key, which is stored on the server in encrypted form.

All of this implementation can be audited at https://luarmor.net/locker_api.js
