1834577 - Implement a cache for OpenPGP passphrase, with automatic timeout

Status: NEW

(MailNews Core :: Security: OpenPGP, enhancement)

Description

[Kai Engert [:KaiE:]]

Bug 1679278 implemented an option to protect OpenPGP secret keys with a user-defined passphrase. With that initial implementation, it's necessary to re-enter passphrases for every new operation that requires unlocked secret keys.

While the above is a mode that some users have asked for, many users might prefer a more relaxed behavior, in which an entered passphrase is cached for some time, so a few additional operations can be executed without having to enter the passphrase immediately again.

I suggest to implement a cache for passphrases, which can be configured with a timeout that users can configured.

I suggest to use two separate preferences. I will attach a small patch, in which I document the behavior I suggest.

Comment 1

[Kai Engert [:KaiE:]]

Attachment: WIP: Bug 1834577 - Define preferences for the OpenPGP passphrase cache.

Comment 2

[Ferenc Veres]

Please note that on the original "closed" bug it' s not possible to add any more comments (or I don't know how). The page says "You need permission to comment on this closed bug. " - so please do not expect more comments there (as Wayne just asked in comment 91!). I was closely following the alpha builds and sent feedback - so I had no more to add and I was waiting for others to do test too.

Thank you for the great work Kai! I hope this cache setting will be ready for the same release. (I would plan just to set it similar to old Enigmail where I used 5 minutes (or that was the default). I think that renewed when the a key was used - so that was the keep_alive_period, and the other setting didn't exist (so that was infinite) - but I'm not sure anymore. But it's OK with those two settings for me - might be confusing to some users. I spent minutes re-reading their documentation to get the picture. ;-) ) (However after all, they are clear.)

Comment 3

[Kai Engert [:KaiE:]]

Ferenc, thanks for your feedback and praise. Unfortunately we weren't able to get this done in time for the 115 release.

Comment 4

[Kai Engert [:KaiE:]]

Looks like this will also miss version 128.
I have received no feedback that this feature is actually being used by anyone and that people are waiting for the cache.
(I still want to do it eventually, but I had focused on other important tasks in the meantime.)

Comment 5

[Ferenc Veres]

I have quite number of GPG mails, and this is crazy without a few minutes caching. :-) And I was afraid to turn it on seeing the related bug reports and "regressions" on the original issue. I don't want to type in a password a dozens of times a day just to be a tester. ;-) With cache, I will turn it on. One user is not enough of course, but many people who may need it, may not be tracking these two bugs. (They are probably not even aware of the feature coming. In my opinion this is how it should have been done in the original integration too.)

For now, I turned it on and will see. I think the feature itself is very well done, so I hope you will have the opportunity to finish it. I'll report back if I notice any problems.
Keep up the good work! Thank you!

Comment 7

[A]

(In reply to Kai Engert (:KaiE:) from comment #4)

I have received no feedback that this feature is actually being used by anyone and that people are waiting for the cache.

FWIW, we are actually using this feature… in Thunderbird 68. It's working fine there (via Enigmail) hence no complaints.

I was just trying v128 on a new personal computer (Tumbleweed) and I'm very pleased to see that the OpenPGP implementation is finally catching up to the sort of level that is needed when managing an OpenPGP-based PKI. 👍

Comment 8

[A]

Not sure if this comment belongs here but as a suggestion: I would expire the cache when the screen gets locked, either due to inactivity or to the user explicitly locking the desktop.

Of course this means that Thunderbird must be able to detect when the desktop gets locked.