Encrypted Field Display Widget - Likepersonsapp

Description

Specialized display layer for Blindeforbundet's sensitive contact data (name, address, medical summary). Reveals decrypted content only on explicit user interaction and writes a read-receipt confirmation back to Supabase.

Feature: Contact Detail & Edit Screen

encrypted-field-display

Summaries

The Encrypted Field Display Widget is the primary mechanism through which Blindeforbundet enforces its stringent data privacy requirements for sensitive contact information, including names, addresses, and medical summaries. By masking sensitive data by default and requiring explicit user interaction to reveal it — while simultaneously logging a read-receipt back to the database — the product provides a complete, auditable access control layer at the point of data consumption. This capability is not merely a feature; it is a compliance requirement that directly determines whether Blindeforbundet can legally operate the system under Norwegian privacy regulations. The audit trail generated by read-receipts also provides organizational accountability, enabling administrators to review who accessed sensitive data and when — a capability that builds institutional trust and supports incident response if a data access concern arises.

The Encrypted Field Display Widget is the highest-complexity component in this group, with dependencies on field-encryption-utils and read-receipt-service — both of which must be fully implemented and tested before this widget can be integrated into the Contact Detail Screen. The read-receipt write-back introduces an asynchronous side effect triggered by user interaction, which adds complexity to testing: every field reveal must be verified to produce a corresponding database record, and network failure during write-back must be handled gracefully without blocking the field reveal itself. Accessibility is a non-negotiable requirement here — the widget must announce field reveals to screen readers with appropriate labels, and this must be validated with assistive technology testing before release. Schedule extra time for security review of the decryption flow and the read-receipt confirmation logic, as errors here carry compliance risk.

The Encrypted Field Display Widget operates in the mobile execution context and manages a per-field revealed/masked state map (Map) internally. revealField triggers the field-encryption-utils decryption routine for the given fieldKey, updates the revealed state, and asynchronously calls read-receipt-service to write the access record back to Supabase — this write-back must be fire-and-forget with local error logging, as blocking the UI on a failed receipt write would degrade user experience. maskField resets the field to its masked state without triggering a receipt. isRevealed provides synchronous state access for conditional rendering.

The encrypted-field and read-receipt data models are the schema dependencies. Key implementation concerns: decryption should occur only on demand (not pre-loaded) to minimize sensitive data exposure in memory; use Flutter's Semantics widget to annotate revealed fields with appropriate accessibility labels; ensure that hot-reload or widget tree rebuilds do not inadvertently reset the revealed state mid-interaction. The dependency on field-encryption-utils means the encryption key management strategy must be finalized before this widget can be fully integrated.