diff --git a/src/CrossSigningManager.js b/src/CrossSigningManager.js
index 085764214f..6922214d19 100644
--- a/src/CrossSigningManager.js
+++ b/src/CrossSigningManager.js
@@ -20,6 +20,7 @@ import {MatrixClientPeg} from './MatrixClientPeg';
import { deriveKey } from 'matrix-js-sdk/src/crypto/key_passphrase';
import { decodeRecoveryKey } from 'matrix-js-sdk/src/crypto/recoverykey';
import { _t } from './languageHandler';
+import SettingsStore from './settings/SettingsStore';
// This stores the secret storage private keys in memory for the JS SDK. This is
// only meant to act as a cache to avoid prompting the user multiple times
@@ -27,7 +28,14 @@ import { _t } from './languageHandler';
// single secret storage operation, as it will clear the cached keys once the
// operation ends.
let secretStorageKeys = {};
-let cachingAllowed = false;
+let secretStorageBeingAccessed = false;
+
+function isCachingAllowed() {
+ return (
+ secretStorageBeingAccessed ||
+ SettingsStore.getValue("keepSecretStoragePassphraseForSession")
+ );
+}
async function getSecretStorageKey({ keys: keyInfos }) {
const keyInfoEntries = Object.entries(keyInfos);
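Review bot: The file comment above `secretStorageKeys` still says the cache covers a single secret storage operation and is cleared when that operation ends, which stops being true once `keepSecretStoragePassphraseForSession` is enabled. I would reword that comment and add one on `isCachingAllowed()`, for example `// True during accessSecretStorage(), or for the whole session when the user opted in to keeping keys cached.` The function also returns the raw setting value rather than a boolean when the flag is false; wrapping the second operand as `Boolean(SettingsStore.getValue("keepSecretStoragePassphraseForSession"))` makes the return type explicit. The comment block begins above this hunk.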
@@ -37,7 +45,7 @@ async function getSecretStorageKey({ keys: keyInfos }) {
const [name, info] = keyInfoEntries[0];
// Check the in-memory cache
- if (cachingAllowed && secretStorageKeys[name]) {
+ if (isCachingAllowed() && secretStorageKeys[name]) {
return [name, secretStorageKeys[name]];
}
@@ -71,7 +79,7 @@ async function getSecretStorageKey({ keys: keyInfos }) {
const key = await inputToKey(input);
// Save to cache to avoid future prompts in the current session
- if (cachingAllowed) {
+ if (isCachingAllowed()) {
secretStorageKeys[name] = key;
}
@@ -104,7 +112,7 @@ export const crossSigningCallbacks = {
*/
export async function accessSecretStorage(func = async () => { }) {
const cli = MatrixClientPeg.get();
- cachingAllowed = true;
+ secretStorageBeingAccessed = true;
try {
if (!await cli.hasSecretStorageKey()) {
@@ -143,7 +151,9 @@ export async function accessSecretStorage(func = async () => { }) {
return await func();
} finally {
// Clear secret storage key cache now that work is complete
- cachingAllowed = false;
- secretStorageKeys = {};
+ secretStorageBeingAccessed = false;
+ if (!isCachingAllowed()) {
+ secretStorageKeys = {};
+ }
}
}
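Review bot: The cache is re-checked only here, at the end of an `accessSecretStorage()` call, so switching `keepSecretStoragePassphraseForSession` off leaves the keys in `secretStorageKeys` until the next call completes, and switching it back on before then makes them usable again. Reads are gated by `isCachingAllowed()`, so the leftover entries are not served while the setting is off, but the key material stays in memory longer than the user asked for. I would clear the cache when the setting changes, e.g. a small exported helper whose body is `if (!isCachingAllowed()) secretStorageKeys = {};`, called from the setting's change handler. Nothing visible in this diff clears the cache on logout either, so that path is worth confirming. The body of `accessSecretStorage` starts outside this hunk.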
diff --git a/src/components/views/settings/tabs/user/LabsUserSettingsTab.js b/src/components/views/settings/tabs/user/LabsUserSettingsTab.js
index ec5f984d46..2b992c7add 100644
--- a/src/components/views/settings/tabs/user/LabsUserSettingsTab.js
+++ b/src/components/views/settings/tabs/user/LabsUserSettingsTab.js
@@ -66,6 +66,7 @@ export default class LabsUserSettingsTab extends React.Component {
+
);
diff --git a/src/i18n/strings/en_EN.json b/src/i18n/strings/en_EN.json
index aa73777b3c..154e8d0d28 100644
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@@ -413,6 +413,7 @@
"Send read receipts for messages (requires compatible homeserver to disable)": "Send read receipts for messages (requires compatible homeserver to disable)",
"Show previews/thumbnails for images": "Show previews/thumbnails for images",
"Enable message search in encrypted rooms": "Enable message search in encrypted rooms",
+ "Keep secret storage passphrase in memory for this session": "Keep secret storage passphrase in memory for this session",
"Collecting app version information": "Collecting app version information",
"Collecting logs": "Collecting logs",
"Uploading report": "Uploading report",
diff --git a/src/settings/Settings.js b/src/settings/Settings.js
index 0ab30e02e1..5ea871dc69 100644
--- a/src/settings/Settings.js
+++ b/src/settings/Settings.js
@@ -485,4 +485,9 @@ export const SETTINGS = {
displayName: _td("Enable message search in encrypted rooms"),
default: true,
},
+ "keepSecretStoragePassphraseForSession": {
+ supportedLevels: LEVELS_DEVICE_ONLY_SETTINGS,
+ displayName: _td("Keep secret storage passphrase in memory for this session"),
+ default: false,
+ },
};
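Review bot: The label says the passphrase is kept, but what `getSecretStorageKey` stores in src/CrossSigningManager.js is the result of `inputToKey(input)`, i.e. the derived key, and the `decodeRecoveryKey` import suggests this probably covers recovery-key entry as well. A comment on this entry would help the next maintainer weigh the trade-off, for example `// Keeps derived secret storage keys in a module-level cache after an operation ends; off by default.` For the user-facing text, "Keep secret storage keys in memory for this session" may be closer to what actually happens. The `SETTINGS` object starts outside this hunk.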