consider eventually allowing EKM setup without FORBID_STORING_PASS_PHRASE #1765

Open
tomholub opened this issue Apr 29, 2022 · 3 comments

@tomholub
Collaborator

Is setup with EKM also allowed when FORBID_STORING_PASS_PHRASE is not set?

No, we disallow it.

```
if (!orgRules.hasRule(DomainRule.FORBID_STORING_PASS_PHRASE)) {
```

respectively to #1168

Originally posted by @DenBond7 in #1761 (comment)

@tomholub tomholub added this to the later milestone Apr 29, 2022
@tomholub
Collaborator Author

image

@tomholub
Collaborator Author

In such a situation, the pass phrase will be stored in the db instead of RAM.

Similarly, as per the screenshot above, the code that updates keys from EKM during each startup has to be updated to use the appropriate pass phrase storage method (currently it always uses RAM).

@tomholub
Collaborator Author

The logic for EKM updates should be: if we had to ask the user for the pass phrase, then use RAM. If we could retrieve the pass phrase without asking the user, then use db storage.
