diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Config/Application.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Config/Application.php index 0ce4052aa..0621cff84 100644 --- a/snappymail/v/0.0.0/app/libraries/RainLoop/Config/Application.php +++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Config/Application.php @@ -235,6 +235,7 @@ Warning: only enable when server does not do this, else double compression error 'admin_login' => array('admin', 'Login and password for web admin panel'), 'admin_password' => array(''), 'admin_totp' => array(''), + 'insecure_cryptkey' => array(false, 'Use email address instead of login password for encrypting sensitive data (like account passwords)'), 'force_https' => array(false), 'hide_x_mailer_header' => array(true), diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Model/MainAccount.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Model/MainAccount.php index 5a3427bd6..a44ca19fe 100644 --- a/snappymail/v/0.0.0/app/libraries/RainLoop/Model/MainAccount.php +++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Model/MainAccount.php @@ -21,7 +21,10 @@ class MainAccount extends Account if (!$sKey) { throw new ClientException(Notifications::CryptKeyError); } - $sKey = \SnappyMail\Crypt::EncryptToJSON($sKey, $this->IncPassword()); + $sPass = \RainLoop\Api::Config()->Get('security', 'insecure_cryptkey', false) + ? $this->Email() + : $this->ImapPass(); + $sKey = \SnappyMail\Crypt::EncryptToJSON($sKey, $sPass); if ($sKey) { $this->sCryptKey = null; if (\RainLoop\Api::Actions()->StorageProvider()->Put($this, StorageType::ROOT, '.cryptkey', $sKey)) { @@ -39,14 +42,17 @@ class MainAccount extends Account // can use the old password to re-seal the cryptkey $oStorage = \RainLoop\Api::Actions()->StorageProvider(); $sKey = $oStorage->Get($this, StorageType::ROOT, '.cryptkey'); + $sPass = \RainLoop\Api::Config()->Get('security', 'insecure_cryptkey', false) + ? $this->Email() + : $this->ImapPass(); if (!$sKey) { $sKey = \SnappyMail\Crypt::EncryptToJSON( - \sha1($this->IncPassword() . APP_SALT), - $this->IncPassword() + \sha1($this->ImapPass() . APP_SALT), + $sPass ); $oStorage->Put($this, StorageType::ROOT, '.cryptkey', $sKey); } - $sKey = \SnappyMail\Crypt::DecryptFromJSON($sKey, $this->IncPassword()); + $sKey = \SnappyMail\Crypt::DecryptFromJSON($sKey, $sPass); if (!$sKey) { throw new ClientException(Notifications::CryptKeyError); }