1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2024-12-24 08:44:26 +00:00

Updated FAQ

This commit is contained in:
M66B 2022-10-18 08:30:26 +02:00
parent 25352a9fe5
commit 9af588d6bc

17
FAQ.md
View file

@ -4988,20 +4988,23 @@ Send is only available in non-Play Store versions of the app (since version 1.19
<a name="faq184"></a> <a name="faq184"></a>
**(184) How do I password protect content?** **(184) How do I password protect content?**
Select some text by long pressing it, and in the style toolbar at the bottom tap on the *<ins>A</ins>*-button and select *Password protect* in the pop-up menu. Password protected content is a simple, yet secure form of end-to-end encryption that requires no configuration.
How to use: select some text by long pressing it, and in the style toolbar at the bottom tap on the *<ins>A</ins>*-button and select *Password protect* in the pop-up menu.
This will replace the selected content with a link that the recipient can click to decrypt the content on a dedicated static web page.
Password protected content is sent as a [URI fragment](https://en.wikipedia.org/wiki/URI_fragment) and decrypted in the browser with JavaScript. Password protected content is sent as a [URI fragment](https://en.wikipedia.org/wiki/URI_fragment) and decrypted in the browser with JavaScript.
In other words, password protected content is never stored on or seen by third party servers. In other words, protected content is never stored on or seen by third party servers.
Password protected content is encrypted with AES/GCM with a 256 bits key derived with PBKDF2/SHA-512 with 120,000 iterations. Password protected content is encrypted with [AES](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) / [GCM](https://en.wikipedia.org/wiki/Galois/Counter_Mode)
with a 256 bits key derived with [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) / [SHA](https://en.wikipedia.org/wiki/Secure_Hash_Algorithms)-512 with 120,000 iterations.
With a sufficiently long/complex password, which is communicated to the recipient securely, this is considered safe in 2022 and for the foreseeable future. With a sufficiently long/complex password, which is communicated to the recipient securely, this is considered safe in 2022 and for the foreseeable future.
The maximum content size is 1,500 characters, which includes HTML formatting tags. The maximum content size is 1,500 bytes, which includes [HTML](https://en.wikipedia.org/wiki/HTML) formatting tags.
Images will be replaced with placeholders to reduce the content size, but other formatting, like bold, italic, etc., will be retained. Images will be replaced with placeholders to reduce the content size, but other formatting, like bold, italic, etc., will be retained.
[Cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) is prevented by using [DOMPurify](https://github.com/cure53/DOMPurify) (Apache License Version 2.0).
Cross-site scripting (XSS) is prevented by using [DOMPurify](https://github.com/cure53/DOMPurify) (Apache License Version 2.0). This feature is available since version 1.1985, but only in the GitHub version of the app.
This feature is available since version 1.1985. This feature is not available in the Play store version of the app.
Sending protected text is a pro feature, decrypting protected text is a free feature. Sending protected text is a pro feature, decrypting protected text is a free feature.