Cannot delete old keys, and new keys don't decrypt immediately upon Import

lavab / web

AngularJS web client of Lavaboom's email service

https://mail.lavaboom.com

38 stars 21 forks source link

Cannot delete old keys, and new keys don't decrypt immediately upon Import #852

Closed satirist closed 9 years ago

satirist commented 9 years ago

OS, browser: Mac OS 10.6.8, Chrome Version 44.0.2403.39 beta (64-bit)

Screenshots: Attached

Console logs: LMK if needed at specific steps etc.

Walking through the screenshots...

We log in but have kept our private key local, so get alerted to that.
So, let's import our private key…
Boom, done. Ah, now things get interesting: a. That loaded both our original key from 5/9 and our replacement key from 5/30. b. Both remain encrypted. c. We can't delete the original key from 5/9 (Auugh, want to get it out of there!)
Hey, let's now try logging out and then back in again.
Well, how about that! The old key's still unusable, but the newer one decrypted.

So, (2) issues to solve here(?):

First, ability to decrypt locally-retained keys without having to "Fonzie-smack" things with the login / logout move.

Second, ability to delete old keys if they're corrupted.

JPL1 commented 9 years ago

I have this issue too. Am waiting for my account to be reset.

paulhugel commented 9 years ago

If lavaboom Sync is off and you log-out what happens if you clear the Chrome browsing data for one hour ? Quit Chrome and relaunch Lavaboom are the keys gone ? screen shot 2015-06-11 at 1 26 00 pm

satirist commented 9 years ago

Yes, I normally clear everything there when I quit Chrome and it doesn't make any difference to the problems I'm seeing. So when I either quit Chrome or manually clear browsing data, the private keys disappear as expected and then I have to re-Import if I want to use Lavaboom again. So that's great.

screen shot 2015-06-11 at 6 08 38 pm

So the issues are

a. When I Import my private key (.json file), both the 5/9 and 5/30 key appear, encrypted. b. I can't delete the 5/9 key which as I understand is corrupted per issues Lavaboom had that day. c. To get the (imported, valid) 5/30 key to decrypt, I must next log out of Lavaboom, then back in again.

JPL1 commented 9 years ago

a. When I Import my private key (.json file), both the 5/9 and 5/30 key appear, encrypted. b. I can't delete the 5/9 key which as I understand is corrupted per issues Lavaboom had that day. c. To get the (imported, valid) 5/30 key to decrypt, I must next log out of Lavaboom, then back in again.

I have exactly the same problem, except even if I log out and back in again, and even if I use another browser and/or another PC I cannot decrypt the keys. Still waiting for someone at Lavaboom to reset my account .....

let4be commented 9 years ago

@satirist this is intended behavior of not auto-decrypting imported private keys. Lavaboom does NOT know the password private key is encrypted with once you are inside your account(security measure).

you can easily decrypt any given private key manually without logout/login just enter your passphrase here

"Enter your passphrase" at the bottom

P.S. this is going to be re-designed soon to make it simpler ;)

let4be commented 9 years ago

So I'm closing this, keys delete functionality coming soon along with security/keys redesign. Keep and eye for updates ;)

satirist commented 9 years ago

Ah, OK cool.

Thanks, and will do.