Store encrypted passphrase locally #95
side (browserLocalStorage) or server side (LDAP server). Passphrase would be encrypted using AES anytime as well.
…issue with this. object
…to put into passphraseInput when generating new keys pair
Conflicts: tk_barrydegraaff_zimbra_openpgp/lang.js
Thank you very much for your work; testing this and reviewing it will probably be done by Tuesday.
I forgot to mention, but Aes.Ctr.decrypt always returns a value, even if it is junk/binary data. Barry
The Aes.Ctr.decrypt also goes wrong after a user selects 'forget all other private keys': the AES password is then no longer the same for all possible local copies, and the user will then be served with a wrong password. Also, it is easier to not use XML-like tags, so we can just substring the password and be sure it is the correct one (something like Aes.Ctr.encrypt(-----openpgppassphrase-----=passphrasehere)).
Are these changes fine according to your comments?
Yes, now you only need to check for -----openpgppassphrase---- when decrypting, and it should be fine.
Maybe you can also use: http://www.w3schools.com/jsref/jsref_substring.asp
You do not need to specify the end of the string.
Barry
Allowing current users to upgrade to the new version, without having to tell all users to store their passphrase again, is also nice. And remove that cryptedpp substring everywhere in the code where privatepass is needed.
The above comments in readable format:
I have updated as per your comments. Please review all changes.
if ((zimbra_openpgp_privatepass.length > 0) && (zimbra_openpgp_privatepass.indexOf('-cryptedpp-') < 1)) | ||
{ | ||
//found a zimbra_openpgp_privatepass on server that was stored in a previous version, encrypt it | ||
var encryptedPassphrase = Aes.Ctr.encrypt('-----openpgppassphrase-----='+zimbra_openpgp_privatepass, tk_barrydegraaff_zimbra_openpgp.settings['aes_password'], 256); |
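Review bot: the legacy check `zimbra_openpgp_privatepass.indexOf('-cryptedpp-') < 1` also matches a value where the marker sits at index 0, since indexOf returns 0 there and only -1 when the marker is absent; if the old marker can appear at the start of the stored value, that value would be encrypted a second time. Comparing with `=== -1` states the intent (marker absent) directly. The `=` in `'-----openpgppassphrase-----='` is already flagged for removal; whatever marker is used here, the decrypt side must look for exactly the same string, otherwise upgraded records will never pass the check.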
The equal mark here is a bit vague, will remove that later
-----openpgppassphrase-----=
should be
-----openpgppassphrase-----
@@ -576,6 +623,32 @@ function(id, title, message) { | |||
break; | |||
case 3: | |||
//Manage keys | |||
if((tk_barrydegraaff_zimbra_openpgp.prototype.localStorageRead()) && (tk_barrydegraaff_zimbra_openpgp.prototype.localStorageRead() !== tk_barrydegraaff_zimbra_openpgp.privateKeyCache)) |
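Review bot: the condition calls `tk_barrydegraaff_zimbra_openpgp.prototype.localStorageRead()` twice and carries no comment, so a reader cannot tell from the hunk alone what the comparison against `privateKeyCache` guards. Read the value once into a local variable, compare that, and add the one-line comment the reviewer asked for.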
Please provide a comment here, and describe what this IF statement is for
It is similar to the beginning in other switch cases.
Almost there, I provided some inline comments, that can be viewed best using:
…e-locally Store encrypted passphrase locally
`Undefined` errors for new users...
If the localStorage option is selected for passphrase storage, but I open another browser, don't throw an error.
Funny, this feature allows the use of multiple private keys, for example, one could run and it would still work.
Thanks Barry for accepting my pull request. Hope people will love this new feature.
It is better if
Yes. I will try my best to work with you :)
I have hereby verified that for users who have a passphrase stored on the server in 1.7.2, the passphrase is automatically upgraded to an encoded one, and that all auto-decrypt functionality remains operational.
migrate from 1.7.2 -> 1.7.3 with a
Add an option for users to choose whether to store the passphrase in browser localStorage (client side) or LDAP (server side). In both cases, the passphrase is always encrypted.