1
0
mirror of https://github.com/laurent22/joplin.git synced 2025-01-26 18:58:21 +02:00

Electron: Improved enabling/disabling E2EE

This commit is contained in:
Laurent Cozic 2017-12-24 11:23:51 +01:00
parent d1abf4971d
commit bef7c38724
3 changed files with 31 additions and 11 deletions

View File

@ -34,10 +34,10 @@ class EncryptionConfigScreenComponent extends React.Component {
this.isMounted_ = false;
}
componentWillMount() {
initState(props) {
this.setState({
masterKeys: this.props.masterKeys,
passwords: this.props.passwords ? this.props.passwords : {},
masterKeys: props.masterKeys,
passwords: props.passwords ? props.passwords : {},
}, () => {
this.checkPasswords();
});
@ -49,7 +49,6 @@ class EncryptionConfigScreenComponent extends React.Component {
this.refreshStatsIID_ = null;
}
this.refreshStatsIID_ = setInterval(() => {
if (!this.isMounted_) {
clearInterval(this.refreshStatsIID_);
@ -60,6 +59,14 @@ class EncryptionConfigScreenComponent extends React.Component {
}, 3000);
}
componentWillMount() {
this.initState(this.props);
}
componentWillReceiveProps(nextProps) {
this.initState(nextProps);
}
async refreshStats() {
const stats = await BaseItem.encryptedItemsStats();
this.setState({ stats: stats });
@ -141,9 +148,9 @@ class EncryptionConfigScreenComponent extends React.Component {
let answer = null;
if (isEnabled) {
answer = await dialogs.confirm(_('Disabling encryption means <b>all</b> your notes and attachments are going to re-synchronized and sent unencrypted to the sync target. Do you wish to continue?'));
answer = await dialogs.confirm(_('Disabling encryption means <b>all</b> your notes and attachments are going to be re-synchronised and sent unencrypted to the sync target. Do you wish to continue?'));
} else {
answer = await dialogs.prompt(_('Enabling encryption means <b>all</b> your notes and attachments are going to re-synchronized and sent encrypted to the sync target. Do not lose the password as, for security purposes, this will be the <b>only</b> way to decrypt the data! To enable encryption, please enter your password below.'), '', '', { type: 'password' });
answer = await dialogs.prompt(_('Enabling encryption means <b>all</b> your notes and attachments are going to be re-synchronised and sent encrypted to the sync target. Do not lose the password as, for security purposes, this will be the <b>only</b> way to decrypt the data! To enable encryption, please enter your password below.'), '', '', { type: 'password' });
}
if (!answer) return;
@ -152,7 +159,7 @@ class EncryptionConfigScreenComponent extends React.Component {
if (isEnabled) {
await EncryptionService.instance().disableEncryption();
} else {
await EncryptionService.instance().enableEncryption();
await EncryptionService.instance().generateMasterKeyAndEnableEncryption(answer);
}
} catch (error) {
await dialogs.alert(error.message);
@ -188,9 +195,6 @@ class EncryptionConfigScreenComponent extends React.Component {
);
}
// Disabling encryption means *all* your notes and attachments are going to re-synchronized and sent unencrypted to the sync target.
// Enabling End-To-End Encryption (E2EE) means *all* your notes and attachments are going to re-synchronized and sent encrypted to the sync target. Do not lose the password as, for security purposes, this will be the *only* way to decrypt the data. To enable E2EE, please enter your password below and click "Enable E2EE".
return (
<div>
<Header style={headerStyle} />

View File

@ -51,3 +51,12 @@ Items are encrypted only during synchronisation, when they are serialised (via B
They are decrypted by DecryptionWorker in the background.
The apps handle displaying both decrypted and encrypted items, so that user is aware that these items are there even if not yet decrypted. Encrypted items are mostly read-only to the user, except that they can be deleted.
## Enabling and disabling encryption
Enabling/disabling E2EE while two clients are in sync might have an unintuitive behaviour (although that behaviour might be correct), so below some scenarios are explained:
- If client 1 enables E2EE, all items will be synced to target and will appear encrypted on target. Although all items have been re-uploaded to the target, their timestamps did *not* change (because the item data itself has not changed, only its representation). Because of this, client 2 will not be re-download the items - it does not need to do so anyway since it has already the item data.
- When a client sync and download a master key for the first time, encryption will be automatically enabled (user will need to supply the master key password). In that case, all items that are not encrypted will be re-synced. Uploading only non-encrypted items is an optimisation since if an item is already encrypted locally it means it's encrytped on target too.
- If both clients are in sync with E2EE enabled: if client 1 disable E2EE, it's going to re-upload all the items unencrypted. Client 2 again will not re-download the items for the same reason as above (data did not change, only representation). Note that user *must* manually disable E2EE on all clients otherwise some will continue to upload encrypted items. Since synchronisation is stateless, clients do not know whether other clients use E2EE or not so this step has to be manual.
- Although messy, Joplin supports having some clients send encrypted and others unencrypted ones. The situation gets resolved once all the clients have the same E2EE settings.

View File

@ -43,6 +43,13 @@ class EncryptionService {
return this.logger_;
}
async generateMasterKeyAndEnableEncryption(password) {
let masterKey = await this.generateMasterKey(password);
masterKey = await MasterKey.save(masterKey);
await this.enableEncryption(masterKey, password);
await this.loadMasterKeysFromSettings();
}
async enableEncryption(masterKey, password = null) {
Setting.setValue('encryption.enabled', true);
Setting.setValue('encryption.activeMasterKeyId', masterKey.id);