EKM keys refresh: allow removing keys, except when revoked + improve revoked handing #1768
Comments
|
Test the following cases:
|
|
This one sounds strange - "don't delete at least one key. To prevent unexpected issues we should be sure that at least one private key is existing in the app". What if customer just installed the app and doesn't have any keys yet? |
|
That's not about a fresh install. It relates to updating existing keys via EKM |
|
Actually, if EKM wants to delete all keys, you should be deleting all keys. What would currently happen to the app if you did that? Many things would not function (sending, opening email) but is it otherwise functional? |
|
The problem is we don't support it. A user should have at least one private key to prevent unexpected behavior. I really don't know what will happen and where in that case. In that case need to be ready for issues over the whole app. Today we have a big app... and too many places where we can have a bug. |
|
By the way, what is a reason to delete all user's keys? And leave a user without keys. |
|
Maybe they left the company, or maybe the admin deleted their keys with the intention to give them new ones. You could log the account out when this happens. Then at least you follow what EKM says - delete keys. |
Later we look into it as a separate issue to see if we could support situation of not having any keys anymore |
I think it will be interesting over all platforms |
same as FlowCrypt/flowcrypt-ios#1559
The text was updated successfully, but these errors were encountered: