Pass phrase in memory. Decrypt a message #1251

Closed
DenBond7 opened this issue May 26, 2021 · 14 comments · Fixed by #1282

@DenBond7
Collaborator

as a part of #372

@DenBond7 DenBond7 added this to the 1.1.9 milestone May 26, 2021
@DenBond7 DenBond7 self-assigned this May 26, 2021
@tomholub
Collaborator

This one is the most important of similar issues.

@DenBond7
Collaborator Author

DenBond7 commented Jun 3, 2021

@tomholub Let me ask you a few questions about the logic.

When we notice the NEED_PASSPHRASE error, what should we do?

  1. show a dialog where we will provide all keys that are missing a pass phrase
  2. show a dialog where we will provide only a key that is missing a pass phrase and that we need for decryption

DenBond7 added a commit that referenced this issue Jun 3, 2021
@tomholub
Collaborator

tomholub commented Jun 3, 2021

Option 2 is definitely better

@DenBond7
Collaborator Author

DenBond7 commented Jun 3, 2021

@tomholub

Let's imagine that we try to decrypt some message and receive the following error

{
  "type": "decryptErr",
  "content": "---...---",
  "decryptErr": {
    "success": false,
    "error": {
      "type": "need_passphrase",
      "message": "Missing pass phrase"
    },
    "longids": {
      "message": [
        "D7A3DEDB65CB1EFB",
        "4F1458BD22B7BB53"
      ],
      "matching": [
        "3DEBE9F677D5B9BB38E5A244225F8023C20D0957"
      ],
      "chosen": [],
      "needPassphrase": [
        "3DEBE9F677D5B9BB38E5A244225F8023C20D0957"
      ]
    },
    "isEncrypted": true
  },
  "complete": true
}

What about needPassphrase: can we have more than 1 element here?

@tomholub
Collaborator

tomholub commented Jun 3, 2021 via email

@DenBond7
Collaborator Author

DenBond7 commented Jun 3, 2021

@tomholub One more question. Is there a situation when we have the following:
decryptErr.error.type == need_passphrase && decryptErr.longids.needPassphrase.size == 0?

DenBond7 added a commit that referenced this issue Jun 3, 2021
…rase for the given keys only (filtered by a fingerprint). Refactored code.| #1251
@DenBond7
Collaborator Author

DenBond7 commented Jun 3, 2021

Need to add tests for the following cases

  • Found 1 key without a passphrase
  • Found more than 1 key without a passphrase (we only need a passphrase for any one of those keys to decrypt
    the message).
  • Test "Fix" button
  • test an empty passphrase
  • test a wrong passphrase
  • test a correct passphrase
  • a user doesn't provide the right key

@tomholub
Collaborator

tomholub commented Jun 3, 2021

> @tomholub One more question. Is there a situation when we have the following:
> decryptErr.error.type == need_passphrase && decryptErr.longids.needPassphrase.size == 0?

That shouldn't happen. You could make an acra report for this.

@DenBond7
Collaborator Author

DenBond7 commented Jun 4, 2021

I've found an interesting behavior. Let me provide steps:

  1. I have 7 private keys with the option pass phrase in RAM (one of them is 3DEBE9F677D5B9BB38E5A244225F8023C20D0957). There are no provided pass phrases in RAM.
  2. I open some encrypted message that was encrypted for 3DEBE9F677D5B9BB38E5A244225F8023C20D0957. Then I receive the following error
{
  "type": "decryptErr",
  "content": "---...---",
  "decryptErr": {
    "success": false,
    "error": {
      "type": "need_passphrase",
      "message": "Missing pass phrase"
    },
    "longids": {
      "message": [
        "D7A3DEDB65CB1EFB",
        "4F1458BD22B7BB53"
      ],
      "matching": [
        "3DEBE9F677D5B9BB38E5A244225F8023C20D0957"
      ],
      "chosen": [],
      "needPassphrase": [
        "3DEBE9F677D5B9BB38E5A244225F8023C20D0957"
      ]
    },
    "isEncrypted": true
  },
  "complete": true
}
  3. Now I can show a dialog where a user can provide a pass phrase for 3DEBE9F677D5B9BB38E5A244225F8023C20D0957
  4. Then go to Settings -> Keys -> Open 3DEBE9F677D5B9BB38E5A244225F8023C20D0957 -> Delete it. Now we have 6 keys.
  5. Go to Android Settings -> Apps -> FlowCrypt -> Force stop. We need it to restart the Node.js server, to prevent cache issues.
  6. Go to the app, open the message from 2. Let me remind you that the message was encrypted for 3DEBE9F677D5B9BB38E5A244225F8023C20D0957, which was deleted in step 4.
  7. Now I see the following error
{
  "type": "decryptErr",
  "content": "---...---",
  "decryptErr": {
    "success": false,
    "error": {
      "type": "need_passphrase",
      "message": "Missing pass phrase"
    },
    "longids": {
      "message": [
        "D7A3DEDB65CB1EFB",
        "4F1458BD22B7BB53"
      ],
      "matching": [
        "868AD9D0A54CF0E8A188D4820BF67A84CAB84A5A",
        "39202AB83667ADF3AC87E28AEFE0DFD8E30D9F23",
        "9D23DCD96224DED21A5C1AB38C0661EEF4B22DCD",
        "3A5BCBE96D1FEABE7E3CA91E732201290C68E3DA",
        "27EB4C42D3AC343D4C9EDA8740A2DD702DD0CD1E",
        "C223AF94FA02D2F3465A64670F610EA685B111FA"
      ],
      "chosen": [],
      "needPassphrase": [
        "868AD9D0A54CF0E8A188D4820BF67A84CAB84A5A",
        "39202AB83667ADF3AC87E28AEFE0DFD8E30D9F23",
        "9D23DCD96224DED21A5C1AB38C0661EEF4B22DCD",
        "3A5BCBE96D1FEABE7E3CA91E732201290C68E3DA",
        "27EB4C42D3AC343D4C9EDA8740A2DD702DD0CD1E",
        "C223AF94FA02D2F3465A64670F610EA685B111FA"
      ]
    },
    "isEncrypted": true
  },
  "complete": true
}
  8. After that I have to show a dialog where I will display 6 keys and ask a user to provide a passphrase for any of them. But there is no key that can decrypt the message from 2.
  9. I thought there should be an error that a user doesn't provide the right key. Is there a bug on the Node side?

DenBond7 added a commit that referenced this issue Jun 4, 2021
@tomholub
Collaborator

tomholub commented Jun 4, 2021

> I thought there should be an error that a user doesn't provide the right key. Is there a bug on the Node side?

It's expected behavior as far as when it was designed, but I think we could start considering it a bug today.

Sometimes you may receive a message that was badly constructed: it's encrypted for your key A, but it says it's encrypted for B and C.

You have no key B or C, you only have A and it looks like you cannot decrypt the message because of key mismatch. But when you actually enter the pass phrase for A, and try decryption, it will decrypt.


This situation results from an error on sender side and therefore we don't have to support it anymore.

I'll see if I can easily change it in NodeJS.
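
One way a client could act on the `need_passphrase` response discussed in this thread, added here as an example and not taken from FlowCrypt's code: it prompts only for keys the message names, reports the empty-`needPassphrase` case, and flags a key mismatch when no local key ID appears in `longids.message`. The `localKeys` shape (fingerprint plus primary-key and subkey IDs), the action names and the sample values are assumptions.

```javascript
// Added example, not FlowCrypt code. Field names follow the decryptErr JSON
// quoted in this thread; the localKeys shape and action names are hypothetical.
const up = (s) => String(s).toUpperCase();

function planPassphrasePrompt(result, localKeys) {
  const err = result && result.decryptErr;
  if (!err || !err.error || err.error.type !== 'need_passphrase') {
    return { action: 'not_applicable', fingerprints: [] };
  }
  const longids = err.longids || {};
  const need = new Set((longids.needPassphrase || []).map(up));
  // need_passphrase with nothing to ask for "shouldn't happen": report it
  // instead of showing an empty dialog.
  if (need.size === 0) return { action: 'report_anomaly', fingerprints: [] };

  // Ignore fingerprints the key store no longer holds (e.g. a deleted key).
  const present = localKeys.filter((k) => need.has(up(k.fingerprint)));

  // Stricter check: keep only keys whose primary-key or subkey ID is listed
  // among the recipients named by the message.
  const messageIds = new Set((longids.message || []).map(up));
  const addressed = present.filter((k) => k.keyIds.some((id) => messageIds.has(up(id))));
  if (addressed.length > 0) {
    // One or several keys qualify; a pass phrase for any one of them suffices.
    return { action: 'prompt', fingerprints: addressed.map((k) => up(k.fingerprint)) };
  }
  // No local key is named by the message: tell the user the right key is
  // missing rather than asking for pass phrases that cannot help.
  return { action: 'key_mismatch', fingerprints: present.map((k) => up(k.fingerprint)) };
}

// Constructed sample data (not real keys).
const KEY_A = { fingerprint: 'A'.repeat(40), keyIds: ['A'.repeat(16), '1111222233334444'] };
const KEY_B = { fingerprint: 'B'.repeat(40), keyIds: ['B'.repeat(16), '5555666677778888'] };
const makeErr = (message, needPassphrase) => ({
  type: 'decryptErr',
  decryptErr: {
    success: false,
    error: { type: 'need_passphrase', message: 'Missing pass phrase' },
    longids: { message, matching: needPassphrase, chosen: [], needPassphrase },
    isEncrypted: true,
  },
});
```

With this stricter check, a badly constructed message that names the wrong recipients would be reported as a key mismatch instead of being decrypted after a pass phrase prompt.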

@tomholub tomholub changed the title Pass phrase in memory. Decrypt a message [tom edit node] Pass phrase in memory. Decrypt a message Jun 4, 2021
@DenBond7
Collaborator Author

DenBond7 commented Jun 4, 2021

The final version
ezgif com-gif-maker

@DenBond7
Collaborator Author

DenBond7 commented Jun 4, 2021

image

@tomholub
Collaborator

tomholub commented Jun 4, 2021

Looks good. "missed pass phrase" -> "missing pass phrase" :-)

@DenBond7
Collaborator Author

DenBond7 commented Jun 4, 2021

I'm going to add a few tests and this issue will be completed.

@tomholub tomholub changed the title [tom edit node] Pass phrase in memory. Decrypt a message Pass phrase in memory. Decrypt a message Jun 4, 2021
DenBond7 added a commit that referenced this issue Jun 4, 2021
DenBond7 added a commit that referenced this issue Jun 4, 2021
DenBond7 added a commit that referenced this issue Jun 7, 2021
DenBond7 added a commit that referenced this issue Jun 7, 2021
DenBond7 added a commit that referenced this issue Jun 7, 2021
tomholub pushed a commit that referenced this issue Jun 9, 2021
* Added some UI and logic. Refactored code.| #1251

* Modified a logic in FixEmptyPassphraseDialogFragment. Improved UI.| #1251

* Added logic to re-decrypt a message automatically when a user added a missed passphrase.| #1251

* Improved logic and UI.| #1251

* Changed logic in FixNeedPassphraseIssueDialogFragment to ask a passphrase for the given keys only (filtered by a fingerprint). Refactored code.| #1251

* Added handling some errors.| #1251

* Improved CheckPrivateKeysViewModel.| #1251

* Added an action button to the error layout.| #1251

* flowcrypt-email-server:0.0.3| #1251

* Added tests.| #1251

* Added using 'keyCacheWipe' endpoint. Fixed tests.| #1251