-
-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Note always deleted when "Delete after reading" #307
Comments
Hi @adoyle-h Currently, the encrypted note payload is required to check if the password is correct or not. Here is the flow
The lock here is that the payload is needed to check the password, but the payload is deleted after the first read. Some options:
I'm not sure what to think about this, I'll think about it to see if there is a better solution. |
Hello, It seems the quick fix is Option 2. Another way is to create another endpoint to receive payload only after password validation. So: client checks if the password is set -> client asks for the password (if set) -> client sends the password to the server for validation -> client requests payload and decrypts the content with the same password (if valid). |
Thanks for the suggestion! Regarding the proposed endpoint to validate the password server-side, this approach unfortunately compromises the zero-knowledge architecture we’re aiming for. In our setup, the server should never see or process the password, as that would undermine the end-to-end encryption guarantee. The password needs to stay on the client side |
Then it seems there are only two ways for now:
|
Maybe the decryption handshake could be extended using a second encrypted payload(for which the server knows the plaintext content) with the same key. It would look like this:
Advantages:
Disadvantages:
|
Describe the bug
Create a note with "Delete after reading" checked. If user open the note with incorrect password. The note will be deleted.
What happened?
The note should not be deleted if user entered an incorrect password.
System information
Chrome 130.0.6723.70
Where did you encounter the bug?
Public app (enclosed.cc)
The text was updated successfully, but these errors were encountered: