I am working on an app storing sensitive information and right now everyone has access to any data in user Gaia hub. This concerns me, because even though data are encrypted now , it’s possible that encryption used by Blockstack will be broken in not that distant future. In this case anyone collecting encrypted data will have access to them. Seems like more safe approach would be to have encrypted data on access limited places. I don’t see good reason for anyone other than parties trusted by user to have access. Ofc security is outside of my expertise so I would love hear your thoughts
If it makes you feel better, it’s ECIES with the secp256k1 curve, with a SHA256 HMAC and 256-bit AES-CBC symmetric key encryption. A break in any one of these primitives will have earth-shattering consequences well beyond Blockstack. Also, our encryption/decryption code implementation has also been audited by 3rd parties.
You can do this, but you’ll need to run your own Gaia hub that has an additional authorization requirement on the read path (the default one does not).