|
|
|
|
|
|
by pomnia
3512 days ago
|
|
|
When you add recipient your message is (decrypted using your id) copied and the copy is encrypted with the recipient email. Once the recipient logs in (their OAuth id becomes available) the email (verified by the OAuth) is used to decrypt the message copy and encrypted again this time with his/her id. That temporary email encrypted message is decryptable of course although there is no utility or UI for us to do so.
I guess we'd better store the owner Id and don't make copies, since it doesn't change anything security wise ... Yes, rogue admin can do harm ... |
|
|