Retry password request during decryption. #2018
int attempts = 3; | ||
while (attempts--) { | ||
errcode = RNP_ERROR_NO_SUITABLE_KEY; | ||
if (!seckey->unlock(*handler->password_provider, PGP_OP_DECRYPT)) { |
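Review bot: the retry count in `int attempts = 3;` is a bare literal, and `while (attempts--)` leaves `attempts` at -1 once every try has failed, so any later test for exhaustion has to account for that. A named constant with a `for` loop over an explicit counter would read more clearly. Also, `errcode` is reset to `RNP_ERROR_NO_SUITABLE_KEY` at the top of each pass, so unless a later line in the loop overwrites it, a key that was found but never unlocked is reported the same way as a key that was not found. The boolean from `unlock()` likewise cannot tell a wrong password from a provider that declined to give one, so both cases re-prompt.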
Here and below we should take into account the case when there are multiple recipients of the message, and the user wants to enter the password only for a particular one. This may be checked by returning the result of the password provider call - false or true.
Also we should make the number of password request tries configurable.
> This may be checked by returning the result of the password provider call - false or true.

In case of a `rnp` cli tool and password provider that reads from the `pass-fd`, it does not check the keyid, so the password and `true` result would be returned every time.
Otherwise this code should still succeed when one of the passwords matches one of the keys, just many "Bad password" messages will be printed on stderr as a side effect.
> In case of a `rnp` cli tool and password provider that reads from the `pass-fd`, it does not check the keyid, so the password and `true` result would be returned every time.
These changes are mostly not for CLI, but for other FFI users (like TB), to let them repeat the password request if needed.
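A simplified model of the behaviour discussed in this thread, added here as an example; it is not code from the PR or from RNP. `Key`, `Provider`, `try_recipients` and the sample key ids and passwords are hypothetical. It shows how a provider that ignores the key id spends every retry on a non-matching key, while a provider that returns `false` skips that key.

```cpp
// Added illustration: a simplified model, not RNP code. All names are hypothetical.
#include <functional>
#include <string>
#include <vector>

struct Key {
    std::string id;
    std::string password; // stands in for the real secret-key unlock check
};

// Returns true and fills `password`, or returns false to decline this key.
using Provider = std::function<bool(const std::string &keyid, std::string &password)>;

struct Result {
    std::string unlocked;  // id of the key that unlocked, empty if none did
    int bad_passwords = 0; // "Bad password" events the caller would see
};

Result try_recipients(const std::vector<Key> &keys, const Provider &ask, int max_attempts)
{
    Result res;
    for (const auto &key : keys) {
        for (int attempt = 0; attempt < max_attempts; attempt++) {
            std::string pass;
            if (!ask(key.id, pass)) {
                break; // provider declined: go on to the next recipient key
            }
            if (pass == key.password) {
                res.unlocked = key.id;
                return res;
            }
            res.bad_passwords++; // wrong password: retry up to max_attempts
        }
    }
    return res;
}

// Constructed sample data: two recipient keys of one message.
const std::vector<Key> kRecipients = {{"KEY-A", "alpha"}, {"KEY-B", "bravo"}};

// Like a provider fed one password from a descriptor: ignores the key id.
Result fixed_provider_run(int max_attempts) {
    return try_recipients(kRecipients, [](const std::string &, std::string &out) {
        out = "bravo"; return true; }, max_attempts);
}
// Provider that declines every key except the one it wants to unlock.
Result selective_provider_run(int max_attempts) {
    return try_recipients(kRecipients, [](const std::string &id, std::string &out) {
        if (id != "KEY-B") return false;
        out = "bravo"; return true; }, max_attempts);
}
```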
No description provided.