Security of Title Field

wlavallee
Community Member

Is the Title field on nodes encrypted? When I pull it down from the command line I have to use the exact name, I am wondering if the client is encrypting the title field before it sends it to the server to pull down that node, or how that process actually works.

We want to know if the Titles in our vault are also encrypted, or if they are exposed to AgileBits?

Thanks,
Warren


1Password Version: 0.0.3

Comments

  • Hi @wlavallee,

    That's a great question. Yes, the title is encrypted. Every item has two parts, what we refer to as the overview and the details. The details are what you're getting back via op get item. We currently don't have a way to get you the overview of the item via the CLI; we're trying to find the best way of doing that. The overview is encrypted just like the details, but contains the data that a client would want to use to, say, generate a list for the user. So it contains things like the item title, the URL(s) associated with the item, references to the custom icon of the item (also encrypted), etc.

    > I have to use the exact name, I am wondering if the client is encrypting the title field before it sends it to the server to pull down that node,

    It doesn't quite work like your mental model has it set up. Instead, the CLI tool is actually downloading all overviews for all items, decrypting them locally and searching through them to find the item that you want. We want to provide a "fast path" to this so that if you give the tool a UUID of the item instead of the title, then the client can fetch only that item's overview/details from the server instead of having to sift through the pack of them to find the right one.

    Rick

  • cohix
    1Password Alumni
    edited August 2017

    Warren,

    The titles of vaults and items are indeed encrypted by the client before being sent to the server. Both of these objects have encrypted 'overviews' which contain only the smallest amount of information needed for the client to determine how to display it. The CLI decrypts these overviews when searching for items and vaults to make things as quick as possible. Once it finds what it needs, it decrypts the rest of the object. The only identifier unencrypted on the server is the object's UUID, which is not a secret.

    Hope that answered your question!

    Edit: oops looks like Rick beat me to the punch!
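
The lookup model both replies describe, as an added sketch that is not 1Password's code: the server holds a cleartext UUID plus opaque overview and details blobs, a title search decrypts every overview on the client, and a UUID lookup fetches one item. The `Server` class, `seal`/`unseal` and the HMAC-based stand-in cipher are assumptions made so the example runs on the standard library alone.

```python
import hashlib, hmac, json, os, uuid

def _sub(key, label):                      # derive separate enc/MAC keys
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Stand-in cipher (HMAC-SHA256 in counter mode) so the example needs only
    # the standard library; this is NOT 1Password's actual encryption scheme.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("blob failed authentication")
    pt = bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))
    return json.loads(pt)

class Server:
    """Hypothetical server: sees UUIDs in the clear, everything else opaque."""
    def __init__(self):
        self.items, self.seen = {}, []     # seen = what each request reveals
    def put(self, overview, details):
        item_id = uuid.uuid4().hex
        self.items[item_id] = (overview, details)
        return item_id
    def list_overviews(self):
        self.seen.append("list-all-overviews")
        return {i: blobs[0] for i, blobs in self.items.items()}
    def get(self, item_id):
        self.seen.append("get:" + item_id)
        return self.items[item_id]

def find_by_title(server, key, title):
    # Title lookup: download every overview, decrypt locally, exact match.
    for item_id, blob in server.list_overviews().items():
        if unseal(key, blob)["title"] == title:
            return item_id, unseal(key, server.get(item_id)[1])
    return None

def get_by_uuid(server, key, item_id):
    # "Fast path": only the non-secret UUID is sent; one item comes back.
    return unseal(key, server.get(item_id)[1])
```

The title string never appears in a request or in stored data; the server's view of a title search is "list everything, then fetch one UUID".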

This discussion has been closed.