sorted out the mess with various calls to clear/cache PGP passphrase that resulted in the passphrase staying in memory

libretroshare/src/rsserver/rsinit.cc

@@ -1927,20 +1927,26 @@ RsInit::LoadCertificateStatus RsLoginHelper::attemptLogin(const RsPeerId& accoun
 {
 	if(isLoggedIn()) return RsInit::ERR_ALREADY_RUNNING;
 
+    {
+        if(!RsAccounts::SelectAccount(account))
+            return RsInit::ERR_UNKNOWN;
+
         if(!password.empty())
         {
-		if(!rsNotify->cachePgpPassphrase(password)) return RsInit::ERR_UNKNOWN;
+            rsNotify->cachePgpPassphrase(password);
-		if(!rsNotify->setDisableAskPassword(true)) return RsInit::ERR_UNKNOWN;
+            rsNotify->setDisableAskPassword(true);
         }
-	if(!RsAccounts::SelectAccount(account)) return RsInit::ERR_UNKNOWN;
         std::string _ignore_lockFilePath;
         RsInit::LoadCertificateStatus ret = RsInit::LockAndLoadCertificates(false, _ignore_lockFilePath);
 
-	if(!rsNotify->setDisableAskPassword(false)) return RsInit::ERR_UNKNOWN;
+        rsNotify->setDisableAskPassword(false) ;
-	if(!rsNotify->clearPgpPassphrase()) return RsInit::ERR_UNKNOWN;
+        rsNotify->clearPgpPassphrase() ;
-	if(ret != RsInit::OK) return ret;
+
-	if(RsControl::instance()->StartupRetroShare() == 1) return RsInit::OK;
+        if(ret == RsInit::OK && RsControl::instance()->StartupRetroShare() == 1)
-	return RsInit::ERR_UNKNOWN;
+            return RsInit::OK;
+
+        return ret;
+    }
 }
 
 /*static*/ bool RsLoginHelper::collectEntropy(uint32_t bytes)

retroshare-gui/src/gui/GenCertDialog.cpp

@@ -636,9 +636,6 @@ void GenCertDialog::genPerson()
 
 		setCursor(Qt::ArrowCursor) ;
 	}
-	// now cache the PGP password so that it's not asked again for immediately signing the key
-	rsNotify->cachePgpPassphrase(ui.password_input->text().toUtf8().constData()) ;
-
 	//generate a random ssl password
 	std::string sslPasswd = RSRandom::random_alphaNumericString(RsInit::getSslPwdLen()) ;
 
@@ -650,6 +647,10 @@ void GenCertDialog::genPerson()
 	std::string err;
 	this->hide();//To show dialog asking password PGP Key.
 	std::cout << "RsAccounts::GenerateSSLCertificate" << std::endl;
+
+    // now cache the PGP password so that it's not asked again for immediately signing the key
+    rsNotify->cachePgpPassphrase(ui.password_input->text().toUtf8().constData()) ;
+
     bool okGen = RsAccounts::createNewAccount(PGPId, "", genLoc, "", isHiddenLoc, isAutoTor, sslPasswd, sslId, err);
 
 	if (okGen)
@@ -658,16 +659,23 @@ void GenCertDialog::genPerson()
 		RsInit::LoadPassword(sslPasswd);
 		if (Rshare::loadCertificate(sslId, false)) {
 
+        // Now clear the cached passphrase
+        rsNotify->clearPgpPassphrase();
+
             accept();
 		}
 	}
 	else
     {
+        // Now clear the cached passphrase
+        rsNotify->clearPgpPassphrase();
+
         /* Message Dialog */
         QMessageBox::warning(this,
                              tr("Profile generation failure"),
                              tr("Failed to generate your new certificate, maybe PGP password is wrong!"),
                              QMessageBox::Ok);
+
         reject();
     }
 }

retroshare-gui/src/gui/Identity/IdEditDialog.cpp

@@ -549,6 +549,8 @@ void IdEditDialog::createId()
 		std::string gpg_name = rsPeers->getGPGName(rsPeers->getGPGOwnId());
         bool cancelled;
 
+        rsNotify->clearPgpPassphrase(); // just in case
+
         if(!NotifyQt::getInstance()->askForPassword(tr("Profile password needed.").toStdString(),
 		                                            gpg_name + " (" + rsPeers->getOwnId().toStdString() + ")",
 		                                            false,

retroshare-gui/src/gui/StartDialog.cpp

@@ -126,6 +126,7 @@ void StartDialog::loadPerson()
 	bool res = Rshare::loadCertificate(accountId, ui.autologin_checkbox->isChecked()) ;
 
 	rsNotify->setDisableAskPassword(false);
+    rsNotify->clearPgpPassphrase();
 
 	if(res)
 		accept();