HomePhabricator
Diffusion Comm 0dbcf0262f50

Check for the case of database encrypted with key that is lost

Description

Check for the case of database encrypted with key that is lost

Summary: Previous version of "validate_encryption" function ignored the case of database that is actually encrypted but with encryption key that is no longer available. If the database is unencrypted then we can attempt encryption process. If the database is encrypted with encryption key that is not longer available then encryption process will be constantly failing and app becomes useless. We didn’t encounter such a case yet but now that we want to create new encryption key every time user logs out we need to be prepared for such unfortunate scenario.

Test Plan: Uninstall the app. Comment out code that retrieves encryption key from secure store and hardcode some random 64-character hex string. Build the app. Kill the app, bring encryption key retrieval back and bud the app again (remember not to uninstall it at tis stage!!!). Without changes from this differential app will be constantly crashing on every launch. With changes from this differential app will work correctly.

Reviewers: tomek, ashoat, jon

Reviewed By: tomek

Subscribers: ashoat, adrian, atul, abosh

Differential Revision: https://phab.comm.dev/D4846

Details