deltachat-core-rust

Add API to change database passphrase

Open link2xt opened this issue 3 years ago • 5 comments

New API is:

  • dc_context_is_encrypted()
  • dc_context_change_passphrase()

Jan 29 '22 18:01 link2xt

Shouldn't manual changes of the database encryption passphrase include a verification step that the user knows the old passphrase? In terms of this API: shouldn't we pass the old passphrase as a parameter (exception: it was a randomly generated passphrase by the device)?

Feb 01 '22 13:02 cyBerta

@cyBerta Even DC itself does not know the passphrase at this point. We can of course try to open another connection with the old passphrase, but I don't see what this solves? Similar to how websites require you to enter the old passphrase so someone cannot change the passphrase if you forgot to lock the screen?

On the phone asking for device key (unlock screen) maybe? At least on Android this is what DC does when you try to export the secret key (though for backup which contains the same key it doesn't currently).

Feb 01 '22 15:02 link2xt

I guess testing that the user knows the old password is something the UI could do on its own, though there is also nothing that stops the FFI API requiring the old password so that it is a bit more prescriptive instead of up to the UIs to do the same.

check_password already exists and could be merged into the rekey function to only get the pool write lock once.

Feb 01 '22 19:02 flub
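The merged check-and-rekey suggested in the comment above, modeled with the standard library only. This is an added example, not deltachat-core-rust code: `Store`, `change_passphrase` and `race` are hypothetical names, and the in-memory key behind an `RwLock` is an assumed stand-in for the SQLCipher key and the pool write lock.

```rust
use std::sync::{Arc, RwLock};
use std::thread;

// Model only: `key` stands in for the passphrase the database currently
// opens with; the RwLock stands in for the pool write lock (assumption).
struct Store {
    key: RwLock<Vec<u8>>,
}

// Compare without an early exit so timing does not reveal the first mismatch.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

impl Store {
    fn new(passphrase: &str) -> Self {
        Store { key: RwLock::new(passphrase.as_bytes().to_vec()) }
    }

    // Read-only check, usable by a UI before it offers the change dialog.
    fn check_password(&self, candidate: &str) -> bool {
        ct_eq(&self.key.read().unwrap(), candidate.as_bytes())
    }

    // Merged check + rekey: the old passphrase is verified and replaced while
    // the same write guard is held, so no other caller can rekey in between.
    fn change_passphrase(&self, old: &str, new: &str) -> Result<(), &'static str> {
        let mut key = self.key.write().unwrap();
        if !ct_eq(&key, old.as_bytes()) {
            return Err("old passphrase does not match");
        }
        *key = new.as_bytes().to_vec();
        Ok(())
    }
}

// Two callers race to change the passphrase, both presenting the same old
// one. Returns how many succeeded; with the merged call it is always one.
fn race(store: Arc<Store>) -> usize {
    let handles: Vec<_> = vec!["first-new", "second-new"]
        .into_iter()
        .map(|new| {
            let s = Arc::clone(&store);
            thread::spawn(move || s.change_passphrase("old", new).is_ok())
        })
        .collect();
    handles.into_iter().map(|h| h.join().unwrap()).filter(|ok| *ok).count()
}
```

If the check and the rekey were two separate calls, both racing callers could pass the check before either rekeys, and the second rekey would silently overwrite the first.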

> On the phone asking for device key (unlock screen) maybe? At least on Android this is what DC does when you try to export the secret key (though for backup which contains the same key it doesn't currently).

Are you sure? DC Android does ask for my fingerprint when I want to export a backup.

Feb 02 '22 08:02 Hocuri

> > On the phone asking for device key (unlock screen) maybe? At least on Android this is what DC does when you try to export the secret key (though for backup which contains the same key it doesn't currently).
>
> Are you sure? DC Android does ask for my fingerprint when I want to export a backup.

Sorry, just checked, it actually does require to unlock to export the backup too.

Then I think the procedure for changing the passphrase could be the same, asking for device key rather than the database key which the user may not know if it's in the keystore.

Feb 02 '22 10:02 link2xt

Moving to project resurrection.

Dec 04 '22 18:12 link2xt