Idea: for a group, store the passphrase in clear in the SecureStore of the phone, and unlock the group via Fingerprint. If it's successful, load the passphrase from the SecureStore.
This is more an epic than a task, so feel free to spin up multiple tasks or PRs.
models/Group
Add a new deviceSecurity property, set to true if we store in the device. This should be read in import BUT NOT serialized.
InitGroupScreen
The first option (secure) should only be visible if the device supports fingerprint and it's enabled -- this also includes properly setting the initial state/default value to 1 instead of 0.
getGroupInstance, if securityLevel is 0, should return a Group model with deviceSecurity=true.
The logic to unlock should be modified. If the group has deviceSecurity == true then we use the fingerprint and, if successful, we read from the secure storage.
To be precise, I think we should:
1. Read from the secure storage. If the key is present, present the fingerprint. If it's successful, use it.
2. If the key is not present, ask the user for the passphrase (like now).
3. If the key was not there, but deviceSecurity is true, then store the key. So the next time fingerprint will work transparently.
Ideally all this logic is in GroupPassPrompt, and SecretList remains untouched, but I'm not sure
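The three-step unlock order described above, as an added example that is not the project's code. `store`, `biometric`, `askPassphrase` and `verify` are hypothetical injected interfaces, and the fall-through on a failed fingerprint and the verify-before-store check are assumptions the issue does not spell out.

```javascript
// Added example: hypothetical interfaces (store, biometric, askPassphrase, verify),
// not the app's real modules. The key naming below is also an assumption.
const keyFor = (group) => `group-passphrase:${group.id}`;

async function unlockGroup(group, { store, biometric, askPassphrase, verify }) {
  const key = keyFor(group);
  // Step 1: read from secure storage; if a key is present, present the fingerprint.
  let stored = await store.get(key);
  if (stored != null && (await biometric.authenticate())) {
    if (await verify(group, stored)) {
      return { passphrase: stored, via: 'fingerprint' };
    }
    // Assumed edge case: the stored value no longer unlocks the group. Drop it.
    await store.remove(key);
    stored = null;
  }
  // Step 2: ask the user for the passphrase (like now).
  // Assumption: a failed or cancelled fingerprint prompt also falls through to here.
  const typed = await askPassphrase(group);
  if (typed == null || !(await verify(group, typed))) {
    return { passphrase: null, via: 'denied' };
  }
  // Step 3: the key was not there but deviceSecurity is true, so store it.
  // Storing only after verify() keeps a mistyped passphrase out of the store.
  if (stored == null && group.deviceSecurity) {
    await store.set(key, typed);
  }
  return { passphrase: typed, via: 'passphrase' };
}

// In-memory stand-in for the device secure store, so the flow runs offline.
function memoryStore(initial = {}) {
  const data = new Map(Object.entries(initial));
  return {
    get: async (k) => (data.has(k) ? data.get(k) : null),
    set: async (k, v) => { data.set(k, v); },
    remove: async (k) => { data.delete(k); },
    has: (k) => data.has(k),
  };
}
```

Keeping the flow behind injected dependencies lets it live in one place, such as GroupPassPrompt, and be exercised without a device.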
Added Config.DeviceSecurity to tell if fingerprint is available on the device: this depends on 2 parts, the hardware supports it, and the user enabled it on the device.
Group.deviceSecurity is serialized, otherwise we can't read it -- when I wrote the specs I was thinking of serialization for export, but in reality serialization is also used for the local store.
I've reordered the security levels, so now fingerprint is the last one -- this keeps the code easier, because this option is available or not based on Config.DeviceSecurity