YunoHost-Apps / kresus_ynh

Kresus (personal finance manager) for YunoHost
https://kresus.org/
GNU Affero General Public License v3.0

find a solution to allow saving the "salt" value in config #92

Closed bnjbvr closed 3 years ago

bnjbvr commented 3 years ago

A user has complained that they couldn't import an encrypted export after reinstalling YunoHost entirely. My guess is that the salt value has changed across the two installations, thus explaining why they couldn't decrypt. I've just checked, and it seems that an install will always create a new random salt value. This is quite dangerous, because it can cause this particular issue that the user has observed.

Either the salt should be explicitly set by the user (and left blank in the config.ini), or saved in a proper place one way or another. Or something else, I don't know. We could also add some warning in the encrypted export screen in Kresus so that a user is aware that they must save the salt.

nicofrand commented 3 years ago

The salt should be saved and used when restoring an instance already (see here, we get a salt "setting": https://github.com/YunoHost-Apps/kresus_ynh/blob/master/scripts/restore#L28).

My guess is the user reinstalled YunoHost without restoring an archive (which is the way to go if you want to restore your data) and installed a fresh new Kresus…