From 5c45e9c306009db6c7a62ce5507148c6b17eec88 Mon Sep 17 00:00:00 2001 From: David Baker Date: Tue, 28 Jan 2020 19:36:00 +0000 Subject: [PATCH] Add option to bootstrap to start new key backup The key backup needs to be signed by the cross-signing key so doing it here allows us to do it before we blow the private part out of memory. --- src/crypto/index.js | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/crypto/index.js b/src/crypto/index.js index 375b8f08a..26779185a 100644 --- a/src/crypto/index.js +++ b/src/crypto/index.js @@ -336,6 +336,9 @@ Crypto.prototype.createRecoveryKeyFromPassphrase = async function(password) { * called to await a secret storage key creation flow. * @param {object} [opts.keyBackupInfo] The current key backup object. If passed, * the passphrase and recovery key from this backup will be used. + * @param {bool} [opts.setupNewKeyBackup] If true, a new key backup version will be + * created and the private key stored in the new SSSS store. Ignored if keyBackupInfo + * is supplied. * Returns: * {Promise} A promise which resolves to key creation data for * SecretStorage#addKey: an object with `passphrase` and/or `pubkey` fields. @@ -344,6 +347,7 @@ Crypto.prototype.bootstrapSecretStorage = async function({ authUploadDeviceSigningKeys, createSecretStorageKey = async () => { }, keyBackupInfo, + setupNewKeyBackup, } = {}) { logger.log("Bootstrapping Secure Secret Storage"); @@ -467,6 +471,14 @@ Crypto.prototype.bootstrapSecretStorage = async function({ ); } } + + if (setupNewKeyBackup && !keyBackupInfo) { + const info = await this._baseApis.prepareKeyBackupVersion( + null /* random key */, + { secureSecretStorage: true }, + ); + await this._baseApis.createKeyBackupVersion(info); + } } finally { // Restore the original callbacks. NB. we must do this by manipulating // the same object since the CrossSigning class has a reference to the