From fbab8ceeef0d4e313d58a774915452718ed475bf Mon Sep 17 00:00:00 2001 From: David Baker Date: Tue, 20 Nov 2018 13:11:58 +0000 Subject: [PATCH] Passphrase based key backups Add passphrase support to backup creation stage --- res/css/_common.scss | 5 + res/css/_components.scss | 1 + .../keybackup/_CreateKeyBackupDialog.scss | 39 +++ .../keybackup/CreateKeyBackupDialog.js | 302 ++++++++++++++---- src/i18n/strings/en_EN.json | 46 ++- 5 files changed, 316 insertions(+), 77 deletions(-) create mode 100644 res/css/views/dialogs/keybackup/_CreateKeyBackupDialog.scss diff --git a/res/css/_common.scss b/res/css/_common.scss index 9123e5ba8d..11e04f5dc0 100644 --- a/res/css/_common.scss +++ b/res/css/_common.scss @@ -262,6 +262,11 @@ textarea { opacity: 0.7; } +.mx_linkButton { + cursor: pointer; + color: $accent-color; +} + .mx_Dialog_title { min-height: 16px; padding-top: 40px; diff --git a/res/css/_components.scss b/res/css/_components.scss index 9fd524104d..039bcd545b 100644 --- a/res/css/_components.scss +++ b/res/css/_components.scss @@ -46,6 +46,7 @@ @import "./views/dialogs/_SetPasswordDialog.scss"; @import "./views/dialogs/_ShareDialog.scss"; @import "./views/dialogs/_UnknownDeviceDialog.scss"; +@import "./views/dialogs/keybackup/_CreateKeyBackupDialog.scss"; @import "./views/directory/_NetworkDropdown.scss"; @import "./views/elements/_AccessibleButton.scss"; @import "./views/elements/_AddressSelector.scss"; diff --git a/res/css/views/dialogs/keybackup/_CreateKeyBackupDialog.scss b/res/css/views/dialogs/keybackup/_CreateKeyBackupDialog.scss new file mode 100644 index 0000000000..507c89ace7 --- /dev/null +++ b/res/css/views/dialogs/keybackup/_CreateKeyBackupDialog.scss @@ -0,0 +1,39 @@ +/* +Copyright 2018 New Vector Ltd + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +.mx_CreateKeyBackupDialog_primaryContainer { + /*FIXME: plinth colour in new theme(s). background-color: $accent-color;*/ + padding: 20px +} + +.mx_CreateKeyBackupDialog_passPhraseInput { + width: 300px; + border: 1px solid $accent-color; + border-radius: 5px; + padding: 10px; +} + +.mx_CreateKeyBackupDialog_passPhraseMatch { + float: right; +} + +.mx_CreateKeyBackupDialog_recoveryKeyButtons { + float: right; +} + +.mx_CreateKeyBackupDialog_recoveryKey { + width: 300px; +} diff --git a/src/components/views/dialogs/keybackup/CreateKeyBackupDialog.js b/src/components/views/dialogs/keybackup/CreateKeyBackupDialog.js index e561fe033c..ad68e15293 100644 --- a/src/components/views/dialogs/keybackup/CreateKeyBackupDialog.js +++ b/src/components/views/dialogs/keybackup/CreateKeyBackupDialog.js @@ -21,12 +21,13 @@ import Promise from 'bluebird'; import { _t, _td } from '../../../../languageHandler'; -const PHASE_INTRO = 0; -const PHASE_GENERATING = 1; +const PHASE_PASSPHRASE = 0; +const PHASE_PASSPHRASE_CONFIRM = 1; const PHASE_SHOWKEY = 2; -const PHASE_MAKEBACKUP = 3; -const PHASE_UPLOAD = 4; +const PHASE_KEEPITSAFE = 3; +const PHASE_BACKINGUP = 4; const PHASE_DONE = 5; +const PHASE_OPTOUT_CONFIRM = 6; // XXX: copied from ShareDialog: factor out into utils function selectText(target) { @@ -39,13 +40,16 @@ function selectText(target) { } /** - * Walks the user through the process of creating an e22 key backup + * Walks the user through the process of creating an e2e key backup * on the server. */ export default React.createClass({ getInitialState: function() { return { - phase: PHASE_INTRO, + phase: PHASE_PASSPHRASE, + passPhrase: '', + passPhraseConfirm: '', + copied: false, }; }, @@ -58,25 +62,25 @@ export default React.createClass({ this._recoveryKeyNode = n; }, - _copyRecoveryKey: function() { + _onCopyClick: function() { selectText(this._recoveryKeyNode); const successful = document.execCommand('copy'); if (successful) { - this.setState({copied: true}); + this.setState({ + copied: true, + phase: PHASE_KEEPITSAFE, + }); } }, _createBackup: function() { this.setState({ - phase: PHASE_MAKEBACKUP, + phase: PHASE_BACKINGUP, error: null, }); this._createBackupPromise = MatrixClientPeg.get().createKeyBackupVersion( this._keyBackupInfo, ).then((info) => { - this.setState({ - phase: PHASE_UPLOAD, - }); return MatrixClientPeg.get().backupAllGroupSessions(info.version); }).then(() => { this.setState({ @@ -98,61 +102,203 @@ export default React.createClass({ this.props.onFinished(true); }, - _generateKey: async function() { + _onOptOutClick: function() { + this.setState({phase: PHASE_OPTOUT_CONFIRM}); + }, + + _onSetUpClick: function() { + this.setState({phase: PHASE_PASSPHRASE}); + }, + + _onSkipPassPhraseClick: async function() { + this._keyBackupInfo = await MatrixClientPeg.get().prepareKeyBackupVersion(); this.setState({ - phase: PHASE_GENERATING, + copied: false, + phase: PHASE_SHOWKEY, }); - // Look, work is being done! - await Promise.delay(1200); - this._keyBackupInfo = MatrixClientPeg.get().prepareKeyBackupVersion(); + }, + + _onPassPhraseNextClick: function() { + this.setState({phase: PHASE_PASSPHRASE_CONFIRM}); + }, + + _onPassPhraseKeyPress: function(e) { + if (e.key === 'Enter') { + this._onPassPhraseNextClick(); + } + }, + + _onPassPhraseConfirmNextClick: async function() { + this._keyBackupInfo = await MatrixClientPeg.get().prepareKeyBackupVersion(this.state.passPhrase); + this.setState({ + copied: false, + phase: PHASE_SHOWKEY, + }); + }, + + _onPassPhraseConfirmKeyPress: function(e) { + if (e.key === 'Enter') { + this._onPassPhraseConfirmNextClick(); + } + }, + + _onSetAgainClick: function() { + this.setState({ + passPhrase: '', + passPhraseConfirm: '', + phase: PHASE_PASSPHRASE, + }); + }, + + _onKeepItSafeGotItClick: function() { this.setState({ phase: PHASE_SHOWKEY, }); }, - _renderPhaseIntro: function() { + _onPassPhraseChange: function(e) { + this.setState({ + passPhrase: e.target.value, + }); + }, + + _onPassPhraseConfirmChange: function(e) { + this.setState({ + passPhraseConfirm: e.target.value, + }); + }, + + _renderPhasePassPhrase: function() { + const DialogButtons = sdk.getComponent('views.elements.DialogButtons'); + const AccessibleButton = sdk.getComponent('elements.AccessibleButton'); + return
+

{_t("Secure your encrypted message history with a Recovery Passphrase.")}

+

{_t("You'll need it if you log out or lose access to this device.")}

+ +
+ +
+ + + +

{_t( + "If you don't want encrypted message history to be availble on other devices, "+ + ".", + {}, + { + button: sub => {sub}, + }, + )}

+

{_t( + "Or, if you don't want to create a Recovery Passphrase, skip this step and "+ + ".", + {}, + { + button: sub => {sub}, + }, + )}

+
; + }, + + _renderPhasePassPhraseConfirm: function() { + const AccessibleButton = sdk.getComponent('elements.AccessibleButton'); + + let passPhraseMatch = null; + if (this.state.passPhraseConfirm.length > 0) { + let matchText; + if (this.state.passPhraseConfirm === this.state.passPhrase) { + matchText = _t("That matches!"); + } else { + matchText = _t("That doesn't match."); + } + passPhraseMatch =
+
{matchText}
+
+ + {_t("Go back to set it again.")} + +
+
; + } const DialogButtons = sdk.getComponent('views.elements.DialogButtons'); return
-

To avoid ever losing your encrypted message history, you - can save your encryption keys on the server, protected by a recovery key. +

+ Type in your Recovery Passphrase to confirm you remember it. + If it helps, add it to your password manager or store it + somewhere safe.

-

To maximise security, your recovery key is never stored by the app, - so you must store it yourself somewhere safe.

-

Warning: storing your encryption keys on the server means that - if someone gains access to your account and also steals your recovery key, - they will be able to read all of your encrypted conversation history. -

- -

Do you wish to generate a recovery key and backup your encryption - keys on the server?

- - + {passPhraseMatch} +
+ +
+
+ ; }, _renderPhaseShowKey: function() { + const DialogButtons = sdk.getComponent('views.elements.DialogButtons'); return
-

{_t("Here is your recovery key:")}

-

- {this._keyBackupInfo.recovery_key} +

{_t("Make a copy of this Recovery Key and keep it safe.")}

+

{_t("As a safety net, you can use it to restore your encrypted message history if you forget your Recovery Passphrase.")}

+

+

{_t("Your Recovery Key")}
+
+ +
+
+ {this._keyBackupInfo.recovery_key} +

-

{_t("This key can decrypt your full message history.")}

-

{_t( - "When you've saved it somewhere safe, proceed to the next step where the key will be used to "+ - "create an encrypted backup of your message keys and then destroyed.", - )}

-
- - -
+ +
; + }, + + _renderPhaseKeepItSafe: function() { + let introText; + if (this.state.copied) { + introText = _t("Your Recovery Key has been copied to your clipboard, paste it to:"); + } + const DialogButtons = sdk.getComponent('views.elements.DialogButtons'); + return
+ {introText} +
    +
  • {_t("Print it and store it somewhere safe", {}, {b: s => {s}})}
  • +
  • {_t("Save it on a USB key or backup drive", {}, {b: s => {s}})}
  • +
  • {_t("Copy it to your personal cloud storage", {}, {b: s => {s}})}
  • +
+
; }, @@ -176,6 +322,39 @@ export default React.createClass({ ; }, + _renderPhaseOptOutConfirm: function() { + const DialogButtons = sdk.getComponent('views.elements.DialogButtons'); + return
+ Without setting up Secure Message Recovery, you won't be able to restore your + encrypted message history if you log out or use another device. + + + +
; + }, + + _titleForPhase: function(phase) { + switch (phase) { + case PHASE_PASSPHRASE: + return _t('Create a Recovery Passphrase'); + case PHASE_PASSPHRASE_CONFIRM: + return _t('Confirm Recovery Passphrase'); + case PHASE_OPTOUT_CONFIRM: + return _t('Warning!'); + case PHASE_SHOWKEY: + return _t('Recovery Key'); + case PHASE_KEEPITSAFE: + return _t('Keep it safe'); + case PHASE_BACKINGUP: + return _t('Backing up...'); + default: + return _t("Create Key Backup"); + } + }, + render: function() { const BaseDialog = sdk.getComponent('views.dialogs.BaseDialog'); @@ -194,32 +373,35 @@ export default React.createClass({ ; } else { switch (this.state.phase) { - case PHASE_INTRO: - content = this._renderPhaseIntro(); + case PHASE_PASSPHRASE: + content = this._renderPhasePassPhrase(); break; - case PHASE_GENERATING: - content = this._renderBusyPhase(_td("Generating recovery key...")); + case PHASE_PASSPHRASE_CONFIRM: + content = this._renderPhasePassPhraseConfirm(); break; case PHASE_SHOWKEY: content = this._renderPhaseShowKey(); break; - case PHASE_MAKEBACKUP: - content = this._renderBusyPhase(_td("Creating backup...")); + case PHASE_KEEPITSAFE: + content = this._renderPhaseKeepItSafe(); break; - case PHASE_UPLOAD: - content = this._renderBusyPhase(_td("Uploading keys...")); + case PHASE_BACKINGUP: + content = this._renderBusyPhase(_td("Backing up...")); break; case PHASE_DONE: content = this._renderPhaseDone(); break; + case PHASE_OPTOUT_CONFIRM: + content = this._renderPhaseOptOutConfirm(); + break; } } return (
{content} diff --git a/src/i18n/strings/en_EN.json b/src/i18n/strings/en_EN.json index 3da5ff15a2..cac9b4ef59 100644 --- a/src/i18n/strings/en_EN.json +++ b/src/i18n/strings/en_EN.json @@ -252,6 +252,7 @@ "Room Colour": "Room Colour", "Enable widget screenshots on supported widgets": "Enable widget screenshots on supported widgets", "Show empty room list headings": "Show empty room list headings", + "Show developer tools": "Show developer tools", "Collecting app version information": "Collecting app version information", "Collecting logs": "Collecting logs", "Uploading report": "Uploading report", @@ -570,6 +571,7 @@ "Click here to fix": "Click here to fix", "To send events of type , you must be a": "To send events of type , you must be a", "Upgrade room to version %(ver)s": "Upgrade room to version %(ver)s", + "Open Devtools": "Open Devtools", "Who can access this room?": "Who can access this room?", "Only people who have been invited": "Only people who have been invited", "Anyone who knows the room's link, apart from guests": "Anyone who knows the room's link, apart from guests", @@ -959,30 +961,42 @@ "Share Room Message": "Share Room Message", "Link to selected message": "Link to selected message", "COPY": "COPY", - "Restore encryption keys": "Restore encryption keys", - "Verify this device": "Verify this device", - "Restore from online backup": "Restore from online backup", - "Restore from offline backup": "Restore from offline backup", "You are currently blacklisting unverified devices; to send messages to these devices you must verify them.": "You are currently blacklisting unverified devices; to send messages to these devices you must verify them.", "We recommend you go through the verification process for each device to confirm they belong to their legitimate owner, but you can resend the message without verifying if you prefer.": "We recommend you go through the verification process for each device to confirm they belong to their legitimate owner, but you can resend the message without verifying if you prefer.", "Room contains unknown devices": "Room contains unknown devices", "\"%(RoomName)s\" contains devices that you haven't seen before.": "\"%(RoomName)s\" contains devices that you haven't seen before.", "Unknown devices": "Unknown devices", - "Generate recovery key": "Generate recovery key", - "I'll stick to manual backups": "I'll stick to manual backups", - "Here is your recovery key:": "Here is your recovery key:", - "This key can decrypt your full message history.": "This key can decrypt your full message history.", - "When you've saved it somewhere safe, proceed to the next step where the key will be used to create an encrypted backup of your message keys and then destroyed.": "When you've saved it somewhere safe, proceed to the next step where the key will be used to create an encrypted backup of your message keys and then destroyed.", + "Secure your encrypted message history with a Recovery Passphrase.": "Secure your encrypted message history with a Recovery Passphrase.", + "You'll need it if you log out or lose access to this device.": "You'll need it if you log out or lose access to this device.", + "Enter a passphrase...": "Enter a passphrase...", + "Next": "Next", + "If you don't want encrypted message history to be availble on other devices, .": "If you don't want encrypted message history to be availble on other devices, .", + "Or, if you don't want to create a Recovery Passphrase, skip this step and .": "Or, if you don't want to create a Recovery Passphrase, skip this step and .", + "That matches!": "That matches!", + "That doesn't match.": "That doesn't match.", + "Go back to set it again.": "Go back to set it again.", + "Repeat your passphrase...": "Repeat your passphrase...", + "Make a copy of this Recovery Key and keep it safe.": "Make a copy of this Recovery Key and keep it safe.", + "As a safety net, you can use it to restore your encrypted message history if you forget your Recovery Passphrase.": "As a safety net, you can use it to restore your encrypted message history if you forget your Recovery Passphrase.", + "Your Recovery Key": "Your Recovery Key", "Copy to clipboard": "Copy to clipboard", - "Proceed": "Proceed", + "I've made a copy": "I've made a copy", + "Your Recovery Key has been copied to your clipboard, paste it to:": "Your Recovery Key has been copied to your clipboard, paste it to:", + "Print it and store it somewhere safe": "Print it and store it somewhere safe", + "Save it on a USB key or backup drive": "Save it on a USB key or backup drive", + "Copy it to your personal cloud storage": "Copy it to your personal cloud storage", + "Got it": "Got it", "Backup created": "Backup created", "Your encryption keys are now being backed up to your Homeserver.": "Your encryption keys are now being backed up to your Homeserver.", + "Set up Secure Message Recovery": "Set up Secure Message Recovery", + "Create a Recovery Passphrase": "Create a Recovery Passphrase", + "Confirm Recovery Passphrase": "Confirm Recovery Passphrase", + "Recovery Key": "Recovery Key", + "Keep it safe": "Keep it safe", + "Backing up...": "Backing up...", + "Create Key Backup": "Create Key Backup", "Unable to create key backup": "Unable to create key backup", "Retry": "Retry", - "Generating recovery key...": "Generating recovery key...", - "Creating backup...": "Creating backup...", - "Uploading keys...": "Uploading keys...", - "Create Key Backup": "Create Key Backup", "Unable to load backup status": "Unable to load backup status", "Unable to restore backup": "Unable to restore backup", "No backup found!": "No backup found!", @@ -1316,7 +1330,5 @@ "Import": "Import", "Failed to set direct chat tag": "Failed to set direct chat tag", "Failed to remove tag %(tagName)s from room": "Failed to remove tag %(tagName)s from room", - "Failed to add tag %(tagName)s to room": "Failed to add tag %(tagName)s to room", - "Open Devtools": "Open Devtools", - "Show developer tools": "Show developer tools" + "Failed to add tag %(tagName)s to room": "Failed to add tag %(tagName)s to room" }