-
-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
~/.config/Signal/sql/db.sqlite
now unencrypted?
#5097
Comments
I can confirm that |
Same here... I wasn't aware of the db being encrypted but that makes quite a lot of sense really. Also losing all conversations and contacts is a quite annoying litte side effect. |
I came to report the unexpected loss of the database. "Quite annoying" does not express how much of a major hassle this is. A recovery seems not to be possible. Maybe it can be left to the user if they want to set their take on the tradeoff between security and usability, e.g. mirror old messages between the phone and the desktop client. |
@aurelg did you test whats happening if you purge the signal database install a not affected gtk3 version as described in #4513 (comment)? |
I did not (yet). I'm using signal-desktop "in production", and it makes experimenting not that trivial. I'll do it asap - except if someone else tries first! 👍 |
@LukeLR confirmed the behavior #4513 (comment) Does it make sense to close this issue as the observed behavior is a consequence of #4513? |
Yes, I think it makes sense to close it. I'll follow #4513 very carefully. Thanks for your help! 👍 |
I've reopened this as #5245 because IMO this is Signal-Desktop's responsibility and their "unfortunate" design shouldn't waste the time of users and package maintainers. |
Bug Description
Archlinux, up-to-date as of 2021-03-13: signal-desktop 1.40.1 suddenly refused to start with an error message
SQLITE_NOTADB
, very much like #4513. It then asked to re-link to Signal running on my phone. The database is recreated anew: all messages are gone. I can live with it.However, after investigation, it seems that the database in
~/.config/Signal/sql/db.sqlite
- that used to be encrypted withsqlcipher
-, is now recreated without encryption: I can open it e.g. withsqlitebrowser
without even entering the key that was stored in~/.config/Signal/config.json
.I understand the encryption was pretty much useless since the key was stored in clear text, yet it surprises me that such a breaking change is implemented without further notification.
Steps to Reproduce
SQLITE_NOTADB
message~/.config/Signal/sql/db.sqlite
is recreatedActual Result:
After step 2,
~/.config/Signal/sql/db.sqlite
is not encrypted.Expected Result:
After step 2,
~/.config/Signal/sql/db.sqlite
should be encrypted.Platform Info
Signal Version:
1.40.1
Operating System:
Archlinux up to date as of 2021-03-13.
Linked Device Version:
5.4.12
The text was updated successfully, but these errors were encountered: