Closed bnjbvr closed 3 years ago
The salt should be saved and used when restoring an instance already (see here, we get a salt "setting": https://github.com/YunoHost-Apps/kresus_ynh/blob/master/scripts/restore#L28).
My guess is the user reinstalled YunoHost without restoring an archive (which is the way to go if you want to restore your data) and installed a fresh new Kresus…
A user has complained that they couldn't import an encrypted export after reinstalling YunoHost entirely. My guess is that the salt value has changed across the two installations, thus explaining why they couldn't decrypt. I've just checked, and it seems that an install will always create a new random salt value. This is quite dangerous, because it can cause this particular issue that the user has observed.
Either the salt should be explicitly set by the user (and left blank in the config.ini), or saved in a proper place one way or another. Or something else, I don't know. We could also add some warning in the encrypted export screen in Kresus so that a user is aware that they must save the salt.