github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/deprovision.go (about)

     1  package libkb
     2  
// ClearSecretsOnDeprovision removes the local secret material and cached state
// kept for username and returns whatever error the FirstErrorPicker collected.
//
// XXX: THIS DELETES SECRET KEYS. Deleting the wrong secret keys can make you
// lose all your data forever. We only run this in the DeprovisionEngine and if
// we detect that our device was revoked in LogoutAndDeprovisionIfRevoked.
//
// Nothing in this function verifies that username is the account being
// deprovisioned; that is the caller's responsibility. No step returns early,
// so every deletion below is attempted even after an earlier one has failed.
func ClearSecretsOnDeprovision(mctx MetaContext, username NormalizedUsername) error {
	// Order of operations:
	//   0. Clear the stored secret (best effort).
	//   1. Delete all the user's secret keys!!!
	//   2. Delete the user's ephemeralKeys.
	//   3. Delete the user from the config file.
	//   4. Db nuke (local cache db, then local chat db).

	// NOTE(review): judging by its name, FirstErrorPicker keeps only the first
	// error pushed; later failures would then be invisible to the caller.
	// Confirm against its definition.
	errs := FirstErrorPicker{}

	// Progress messages go to the LogUI when one is attached, otherwise to the
	// MetaContext's own Info logger.
	var logf func(string, ...interface{})
	switch {
	case mctx.UIs().LogUI != nil:
		logf = mctx.UIs().LogUI.Info
	default:
		logf = mctx.Info
	}

	// NOTE(review): a failure here is only logged as a warning. It is not
	// pushed onto errs, so the returned error never reflects it. Confirm that
	// this best-effort handling is intended.
	if storedErr := ClearStoredSecret(mctx, username); storedErr != nil {
		mctx.Warning("ClearStoredSecret error: %s", storedErr)
	}

	// XXX: Delete the user's secret keyring. It's very important that we never
	// do this to the wrong user. Please do not copy this code :)
	// NOTE(review): how thoroughly ShredFile destroys the file contents is not
	// visible here; check its implementation before relying on this for
	// unrecoverable deletion.
	logf("Deleting %s's secret keys file...", username.String())
	errs.Push(ShredFile(mctx.G().SKBFilenameForUser(username)))

	// NOTE: We only store userEK/teamEK boxes locally and these are removed in
	// the LocalDb.Nuke() below so we just delete any deviceEKs here.
	logf("Deleting %s's ephemeralKeys...", username.String())
	if ekStore := mctx.G().GetDeviceEKStorage(); ekStore != nil {
		errs.Push(ekStore.ForceDeleteAll(mctx, username))
	}

	logf("Deleting %s from config.json...", username.String())
	errs.Push(mctx.SwitchUserDeprovisionNukeConfig(username))

	// Nuke takes no username, so it presumably clears the whole local cache
	// rather than only this user's entries. Confirm against LocalDb.
	logf("Clearing the local cache db...")
	_, cacheErr := mctx.G().LocalDb.Nuke()
	errs.Push(cacheErr)

	logf("Clearing the local cache chat db...")
	_, chatErr := mctx.G().LocalChatDb.Nuke()
	errs.Push(chatErr)

	logf("Deprovision finished.")
	return errs.Error()
}