We have a flag for recoveryEnabled which triggers the encryption on login.
However, until they have logged in, they are not actually ready for decryption. We need to store this additional status somehow. I suggest a flag/marker on the user, that is added after the recovery key is used to re-encrypt the files. This should be checked when attempting to decrypt.
We have a flag for
recoveryEnabledwhich triggers the encryption on login.However, until they have logged in, they are not actually ready for decryption. We need to store this additional status somehow. I suggest a flag/marker on the user, that is added after the recovery key is used to re-encrypt the files. This should be checked when attempting to decrypt.