Encrypt Discord token at rest in settings file (machine-bound) (#1491)

* Initial plan * Add token encryption when saving/loading settings Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Apply suggestion from @Tyrrrz * Apply suggestion from @Tyrrrz * Bind token encryption key to machine identity Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Switch to AES-GCM, hex encoding, and GetBytes/Fill improvements Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Address all review feedback: salt injection, code style, localization formatting Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Address latest review: ThisAssembly.Project, EnvironmentExtensions, inline Lazy, renames, localization wording Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Address latest review: layout comment, cipherSource, else block, MachineName fallback, csproj ordering Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Apply suggestion from @Tyrrrz * Rename GetMachineId→TryGetMachineId, refactor Write to use single array with FillBytes Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Rename cipherSource→cipher in Read(), tokenBytes→tokenData in Write(), update layout comments Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Add cipherSource variable in Write(), update layout comment with size annotation Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Fix CSharpier formatting: inline multiline string assignments and reformat exception filter Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Quote EncryptionSalt argument to handle single quotes in secret value Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Revert double-quote fix on EncryptionSalt argument Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> * Apply suggestion from @Tyrrrz * Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: Tyrrrz <1935960+Tyrrrz@users.noreply.github.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2026-04-28 00:36:00 +00:00 · 2026-02-27 14:01:25 +02:00
parent 2e47c73388
commit eef0fc742d
11 changed files with 177 additions and 10 deletions
--- a/DiscordChatExporter.Gui/Localization/LocalizationManager.German.cs
+++ b/DiscordChatExporter.Gui/Localization/LocalizationManager.German.cs
@@ -54,8 +54,10 @@ public partial class LocalizationManager
        [nameof(AutoUpdateLabel)] = "Automatische Updates",
        [nameof(AutoUpdateTooltip)] = "Automatische Updates bei jedem Start durchführen",
        [nameof(PersistTokenLabel)] = "Token speichern",
-        [nameof(PersistTokenTooltip)] =
-            "Den zuletzt verwendeten Token in einer Datei speichern, damit er zwischen Sitzungen erhalten bleibt",
+        [nameof(PersistTokenTooltip)] = """
+            Den zuletzt verwendeten Token in einer Datei speichern, damit er zwischen Sitzungen erhalten bleibt.
+            **Warnung**: Der Token wird mit Verschlüsselung gespeichert, kann aber dennoch von einem Angreifer mit Zugriff auf Ihr System wiederhergestellt werden.
+            """,
        [nameof(RateLimitPreferenceLabel)] = "Ratenlimit-Einstellung",
        [nameof(RateLimitPreferenceTooltip)] =
            "Ob empfohlene Ratenlimits eingehalten werden sollen. Wenn deaktiviert, werden nur harte Ratenlimits (d. h. 429-Antworten) eingehalten.",