Open tobihagemann opened 7 years ago
Hey @RiseT! Just moved this here to the Windows installer repository, because we can't/won't fix this for other operating systems. But we can certainly also delete ~/AppData/Roaming/Cryptomator/
in the uninstaller.
Question: Isn't the passphrase for each vault stored in some OS-maintained key chain? So does the passphrase stay there after uninstalling? And is a new passphrase added to that key chain with each reinstallation (so there are several passphrases entries for a single vault stored in the key chain after a couple of reinstallations)? Or is the old one overwritten?
We're using Windows Data Protection (aka. DPAPI). "Arbitrary data can be encrypted using this API, although storing the encrypted data is up to the developer." [cited from Stack Overflow] That's why we're putting the encrypted data in ~/AppData/Roaming/Cryptomator/keychain.json
.
There shouldn't be multiple passphrases stored in the keychain after reinstallation. If you create a new vault or add an existing one to Cryptomator, a randomly-generated ID will be stored in settings.json
for the vault. This is also the association for keychain.json
. I don't think a reinstallation of Cryptomator will have any effect on both these files, because they don't get deleted in the current uninstaller.
Btw, from the Stack Overflow article I can see that there are other options to store passwords securely on Windows >=8: https://msdn.microsoft.com/en-us/library/windows/apps/xaml/hh465069.aspx
Hmmm... could be something to discuss for a future version...
A more recent approach to store credentials would be using the Credential Manager API: https://docs.microsoft.com/en-us/windows/win32/secauthn/credentials-management
From @RiseT on December 14, 2016 22:4
Basic Info
Description
I've noticed that stored passphrases are not deleted when uninstalling Cryptomator. So when you reinstall Cryptomator (possibly after months, years, ...), the passphrase field is still filled with the passphrase.
I'd just like to point this out. I'm aware that this comes down rather to a design decision than a bug, but deleting them when uninstalling would be the more secure alternative imho.
Copied from original issue: cryptomator/cryptomator#414