Prevent key recovery for foreign vault #2161
Conversation
…at didn't sign the vault config
[ci skip]
There was a problem hiding this comment.
I really love this contribution 💚 : Reduced possibility to screw up a vault, reduced support on our side and improved usability.
Speaking about useability: Can you add in the ui a label with the cross icon when the text entered in the recover text box is not a valid recovery key. Otherwise the user would ask why she cannot click on the next button.
Like the positive case
and similar to the valid-path-label in the CreateNewVaultLocationController.
|
I tried but didn't succeed without adding a disproportionate amount of complexity in the fxml file, therefore I decided this issue is about preventing bad things from happening, not about explaining why a recovery key is considered invalid. The button being disabled without explanation is not a regression, so let's not use the review to sneak in other new features. 😉 |
overheadhunter
deleted the
feature/check-vaultconfig-sig-during-key-recovery
branch
Prevent using a recovery key if a vault config file exists and the provided key didn't sign it.
This fixes #2076 and prevents people from "false positive key recoveries" that led to follow-up errors (empty vault).