github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/libkb/secret_store_common.go (about)

     1  // Copyright 2015 Keybase, Inc. All rights reserved. Use of
     2  // this source code is governed by the included BSD license.
     3  
     4  //go:build linux || (!darwin && !android && !linux)
     5  // +build linux !darwin,!android,!linux
     6  
     7  package libkb
     8  
// notifySecretStoreCreate surfaces a notice when the user's local Keybase
// keyring holds PGP blocks, unless the notice has already been dismissed.
//
// Flow, as implemented below:
//  1. Read the per-user dismissal record from the local DB and stop if it
//     holds NotificationDismissPGPValue.
//  2. Load the user's SKB keyring and collect its PGP blocks; stop if there
//     are none.
//  3. Call NotifyRouter.HandlePGPKeyInSecretStoreFile (when a router is set)
//     and log pgpStorageWarningText at Info level.
//
// Every failure path only writes a Debug message and returns, so no notice is
// shown when the DB read or the keyring load fails.
// NOTE(review): this makes a security-relevant warning best-effort; confirm
// that skipping it silently on a storage error is intended.
func notifySecretStoreCreate(mctx MetaContext, username NormalizedUsername) {
	mctx.Debug("got secret store file notifyCreate")

	// A stored dismissal for this user means the notice was already acknowledged.
	raw, hasEntry, err := mctx.G().LocalDb.GetRaw(
		DbKeyNotificationDismiss(NotificationDismissPGPPrefix, username),
	)
	switch {
	case err != nil:
		mctx.Debug("notifySecretStoreCreate: localDb.GetRaw error: %s", err)
		return
	case hasEntry && string(raw) == NotificationDismissPGPValue:
		mctx.Debug("notifySecretStoreCreate: %s already dismissed", NotificationDismissPGPPrefix)
		return
	}

	// Load the keyring directly: the one held by LoginState is off limits
	// because this function may itself run inside a LoginState request.
	keyring, err := LoadSKBKeyring(mctx, username)
	if err != nil {
		mctx.Debug("LoadSKBKeyring error: %s", err)
		return
	}

	pgpBlocks, err := keyring.AllPGPBlocks()
	switch {
	case err != nil:
		mctx.Debug("keyring.AllPGPBlocks error: %s", err)
		return
	case len(pgpBlocks) == 0:
		mctx.Debug("notifySecretStoreCreate: no pgp blocks in keyring")
		return
	}

	// At least one PGP block is stored locally: notify through the router.
	mctx.Debug("user has pgp blocks in keyring, sending notification")
	if router := mctx.G().NotifyRouter; router != nil {
		router.HandlePGPKeyInSecretStoreFile()
	}

	// The Info-level log makes the same text visible to CLI users.
	mctx.Info(pgpStorageWarningText)

	// Dismissal is not handled here: a separate RPC, callable by CLI or
	// electron, records it by inserting into leveldb.
}
    54  
// pgpStorageWarningText is the user-facing notice that notifySecretStoreCreate
// logs at Info level when PGP blocks are found in the local keyring.
//
// Security-relevant content: the text tells the user that, under the policy it
// describes, a PGP private key kept in Keybase's local keychain is no longer
// gated by a typed passphrase. It offers two commands: `keybase pgp purge` to
// remove the PGP private key, or `keybase dismiss pgp-storage` to accept the
// policy and silence the message.
//
// This is a raw string literal; every byte, including the leading newline and
// the four-space indent before each command, is part of the displayed message.
const pgpStorageWarningText = `
Policy change on passphrases

We've gotten lots of feedback that it's annoying as all hell to enter a
Keybase passphrase after restarts and updates. The consensus is you can
trust a device's storage to keep a secret that's specific to that device.
Passphrases stink, like passed gas, and are bloody painful, like passed stones.

Note, however: on this device you have a PGP private key in Keybase's local
keychain.  Some people want to type a passphrase to unlock their PGP key, and
this new policy would bypass that. If you're such a person, you can run the
following command to remove your PGP private key.

    keybase pgp purge

If you do it, you'll have to use GPG for your PGP operations.

If you're ok with the new policy, you can run this command so you won't
get bothered with this message in the future:

    keybase dismiss pgp-storage

Thanks!`