Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Temporarily save password for private key during session #840

Closed
codiflow opened this issue Jan 9, 2023 · 3 comments
Closed

Temporarily save password for private key during session #840

codiflow opened this issue Jan 9, 2023 · 3 comments
Labels
enhancement New feature or request

Comments

@codiflow
Copy link

codiflow commented Jan 9, 2023

Is your feature request related to a problem? Please describe.
I really want to sign the emails I send out using my OpenPGP key. Unfortunately I have to enter my password for the OpenPGP key every time I send an email. This slows down the process of writing an email and helps people to choose a weak (or maybe no) password for their key.

Describe the solution you'd like
I would favor a solution like in Roundcube which offers to save my key temporarily in my browser for as long as the session stays valid (you could alternatively choose a custom time span).

Describe alternatives you've considered
Another alternative would be to mark the field as "password" field so that I can save the password in my browser. But I don't consider this solution as very secure so I would favor the first approach.

Additional context
This is the feature in Roundcube:

image
@the-djmaze the-djmaze added the enhancement New feature or request label Jan 9, 2023
@the-djmaze
Copy link
Owner

Unfortunately I have to enter my password for the OpenPGP key every time I send an email

Correct.
SnappyMail can't see if your computer is locked when you are away from your keyboard.
So maybe someone else is sending emails in your behalf?

But indeed an option to "remember password" could be added.

@codiflow
Copy link
Author

codiflow commented Feb 2, 2023

Hey @the-djmaze THANKS a lot for this feature. Works like a charm.

Just two things where I don't know if they are on purpose:

  1. I have to enter the password again after switching accounts or reloading the window. So it seems to be login-session-based and not browser-session-based is that on purpose? Just good to know when I have to enter the password again.
  2. If I enter a wrong password I have to reload the browser window / logout and relogin to be able to enter the correct password again because it won't display me the password prompt again:

2023-02-02_13-49

Again THANKS for this feature making the usage of secure technologies like signing mails easier for me :-)

@the-djmaze
Copy link
Owner

  1. I have to enter the password again after switching accounts or reloading the window. So it seems to be login-session-based and not browser-session-based is that on purpose? Just good to know when I have to enter the password again.

They are stored in a JavaScript Map() (not sessionStorage) so any time the page reloads/refreshes they are gone.
Could be changed to use sessionStorage though.

  1. If I enter a wrong password I have to reload the browser window / logout and relogin to be able to enter the correct password again because it won't display me the password prompt again.

Ok that is a bug then :)

the-djmaze pushed a commit that referenced this issue Feb 2, 2023
Don't remember OpenPGP key passphrase when it fails #840
acc1c0b
the-djmaze pushed a commit that referenced this issue Feb 2, 2023
Don't remember GnuPGP key passphrase when it fails #840
73e6848
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@the-djmaze @codiflow