mirror of
https://github.com/laurent22/joplin.git
synced 2025-01-26 18:58:21 +02:00
Electron: Improved enabling/disabling E2EE
This commit is contained in:
parent
d1abf4971d
commit
bef7c38724
@ -34,10 +34,10 @@ class EncryptionConfigScreenComponent extends React.Component {
|
|||||||
this.isMounted_ = false;
|
this.isMounted_ = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
componentWillMount() {
|
initState(props) {
|
||||||
this.setState({
|
this.setState({
|
||||||
masterKeys: this.props.masterKeys,
|
masterKeys: props.masterKeys,
|
||||||
passwords: this.props.passwords ? this.props.passwords : {},
|
passwords: props.passwords ? props.passwords : {},
|
||||||
}, () => {
|
}, () => {
|
||||||
this.checkPasswords();
|
this.checkPasswords();
|
||||||
});
|
});
|
||||||
@ -49,7 +49,6 @@ class EncryptionConfigScreenComponent extends React.Component {
|
|||||||
this.refreshStatsIID_ = null;
|
this.refreshStatsIID_ = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
this.refreshStatsIID_ = setInterval(() => {
|
this.refreshStatsIID_ = setInterval(() => {
|
||||||
if (!this.isMounted_) {
|
if (!this.isMounted_) {
|
||||||
clearInterval(this.refreshStatsIID_);
|
clearInterval(this.refreshStatsIID_);
|
||||||
@ -60,6 +59,14 @@ class EncryptionConfigScreenComponent extends React.Component {
|
|||||||
}, 3000);
|
}, 3000);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
componentWillMount() {
|
||||||
|
this.initState(this.props);
|
||||||
|
}
|
||||||
|
|
||||||
|
componentWillReceiveProps(nextProps) {
|
||||||
|
this.initState(nextProps);
|
||||||
|
}
|
||||||
|
|
||||||
async refreshStats() {
|
async refreshStats() {
|
||||||
const stats = await BaseItem.encryptedItemsStats();
|
const stats = await BaseItem.encryptedItemsStats();
|
||||||
this.setState({ stats: stats });
|
this.setState({ stats: stats });
|
||||||
@ -141,9 +148,9 @@ class EncryptionConfigScreenComponent extends React.Component {
|
|||||||
|
|
||||||
let answer = null;
|
let answer = null;
|
||||||
if (isEnabled) {
|
if (isEnabled) {
|
||||||
answer = await dialogs.confirm(_('Disabling encryption means <b>all</b> your notes and attachments are going to re-synchronized and sent unencrypted to the sync target. Do you wish to continue?'));
|
answer = await dialogs.confirm(_('Disabling encryption means <b>all</b> your notes and attachments are going to be re-synchronised and sent unencrypted to the sync target. Do you wish to continue?'));
|
||||||
} else {
|
} else {
|
||||||
answer = await dialogs.prompt(_('Enabling encryption means <b>all</b> your notes and attachments are going to re-synchronized and sent encrypted to the sync target. Do not lose the password as, for security purposes, this will be the <b>only</b> way to decrypt the data! To enable encryption, please enter your password below.'), '', '', { type: 'password' });
|
answer = await dialogs.prompt(_('Enabling encryption means <b>all</b> your notes and attachments are going to be re-synchronised and sent encrypted to the sync target. Do not lose the password as, for security purposes, this will be the <b>only</b> way to decrypt the data! To enable encryption, please enter your password below.'), '', '', { type: 'password' });
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!answer) return;
|
if (!answer) return;
|
||||||
@ -152,7 +159,7 @@ class EncryptionConfigScreenComponent extends React.Component {
|
|||||||
if (isEnabled) {
|
if (isEnabled) {
|
||||||
await EncryptionService.instance().disableEncryption();
|
await EncryptionService.instance().disableEncryption();
|
||||||
} else {
|
} else {
|
||||||
await EncryptionService.instance().enableEncryption();
|
await EncryptionService.instance().generateMasterKeyAndEnableEncryption(answer);
|
||||||
}
|
}
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
await dialogs.alert(error.message);
|
await dialogs.alert(error.message);
|
||||||
@ -188,9 +195,6 @@ class EncryptionConfigScreenComponent extends React.Component {
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Disabling encryption means *all* your notes and attachments are going to re-synchronized and sent unencrypted to the sync target.
|
|
||||||
// Enabling End-To-End Encryption (E2EE) means *all* your notes and attachments are going to re-synchronized and sent encrypted to the sync target. Do not lose the password as, for security purposes, this will be the *only* way to decrypt the data. To enable E2EE, please enter your password below and click "Enable E2EE".
|
|
||||||
|
|
||||||
return (
|
return (
|
||||||
<div>
|
<div>
|
||||||
<Header style={headerStyle} />
|
<Header style={headerStyle} />
|
||||||
|
@ -50,4 +50,13 @@ Items are encrypted only during synchronisation, when they are serialised (via B
|
|||||||
|
|
||||||
They are decrypted by DecryptionWorker in the background.
|
They are decrypted by DecryptionWorker in the background.
|
||||||
|
|
||||||
The apps handle displaying both decrypted and encrypted items, so that user is aware that these items are there even if not yet decrypted. Encrypted items are mostly read-only to the user, except that they can be deleted.
|
The apps handle displaying both decrypted and encrypted items, so that user is aware that these items are there even if not yet decrypted. Encrypted items are mostly read-only to the user, except that they can be deleted.
|
||||||
|
|
||||||
|
## Enabling and disabling encryption
|
||||||
|
|
||||||
|
Enabling/disabling E2EE while two clients are in sync might have an unintuitive behaviour (although that behaviour might be correct), so below some scenarios are explained:
|
||||||
|
|
||||||
|
- If client 1 enables E2EE, all items will be synced to target and will appear encrypted on target. Although all items have been re-uploaded to the target, their timestamps did *not* change (because the item data itself has not changed, only its representation). Because of this, client 2 will not be re-download the items - it does not need to do so anyway since it has already the item data.
|
||||||
|
- When a client sync and download a master key for the first time, encryption will be automatically enabled (user will need to supply the master key password). In that case, all items that are not encrypted will be re-synced. Uploading only non-encrypted items is an optimisation since if an item is already encrypted locally it means it's encrytped on target too.
|
||||||
|
- If both clients are in sync with E2EE enabled: if client 1 disable E2EE, it's going to re-upload all the items unencrypted. Client 2 again will not re-download the items for the same reason as above (data did not change, only representation). Note that user *must* manually disable E2EE on all clients otherwise some will continue to upload encrypted items. Since synchronisation is stateless, clients do not know whether other clients use E2EE or not so this step has to be manual.
|
||||||
|
- Although messy, Joplin supports having some clients send encrypted and others unencrypted ones. The situation gets resolved once all the clients have the same E2EE settings.
|
@ -43,6 +43,13 @@ class EncryptionService {
|
|||||||
return this.logger_;
|
return this.logger_;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async generateMasterKeyAndEnableEncryption(password) {
|
||||||
|
let masterKey = await this.generateMasterKey(password);
|
||||||
|
masterKey = await MasterKey.save(masterKey);
|
||||||
|
await this.enableEncryption(masterKey, password);
|
||||||
|
await this.loadMasterKeysFromSettings();
|
||||||
|
}
|
||||||
|
|
||||||
async enableEncryption(masterKey, password = null) {
|
async enableEncryption(masterKey, password = null) {
|
||||||
Setting.setValue('encryption.enabled', true);
|
Setting.setValue('encryption.enabled', true);
|
||||||
Setting.setValue('encryption.activeMasterKeyId', masterKey.id);
|
Setting.setValue('encryption.activeMasterKeyId', masterKey.id);
|
||||||
|
Loading…
x
Reference in New Issue
Block a user