Restrict secret keys to 128 or 256 bits
parent
faa8056d2d
commit
72bc29ba66
4 changed files with 11 additions and 0 deletions
|
@ -12,6 +12,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
||||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
|
||||||
|
## [Unreleased]
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
- Secret keys are now restricted to 128 bits (16 bytes) or 256 bits (32 bytes)
|
||||||
|
|
||||||
## [0.2.0] - 2023-08-11
|
## [0.2.0] - 2023-08-11
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
|
@ -35,6 +35,7 @@
|
||||||
"cancel": "@:invariants.controls.cancel",
|
"cancel": "@:invariants.controls.cancel",
|
||||||
"error": {
|
"error": {
|
||||||
"invalidBase64": "The key must be a valid base64 string.",
|
"invalidBase64": "The key must be a valid base64 string.",
|
||||||
|
"invalidKeyLength": "The key's length must be either 128 bits (16 bytes) or 256 bits (32 bytes).",
|
||||||
"invalidSeparator": "The separator must be a single character.",
|
"invalidSeparator": "The separator must be a single character.",
|
||||||
"cameraNotAllowed": "Camera access permission was not granted.",
|
"cameraNotAllowed": "Camera access permission was not granted.",
|
||||||
"cameraNotFound": "No camera detected.",
|
"cameraNotFound": "No camera detected.",
|
||||||
|
|
|
@ -35,6 +35,7 @@
|
||||||
"cancel": "@:invariants.controls.cancel",
|
"cancel": "@:invariants.controls.cancel",
|
||||||
"error": {
|
"error": {
|
||||||
"invalidBase64": "La clé doit être une chaîne de caractère en base64.",
|
"invalidBase64": "La clé doit être une chaîne de caractère en base64.",
|
||||||
|
"invalidKeyLength": "La longueur de la clé doit être de 128 bits (16 bytes) ou de 256 bits (32 bytes).",
|
||||||
"invalidSeparator": "La séparateur doit être un unique caractère.",
|
"invalidSeparator": "La séparateur doit être un unique caractère.",
|
||||||
"cameraNotAllowed": "L'accès à la caméra n'a pas été autorisé.",
|
"cameraNotAllowed": "L'accès à la caméra n'a pas été autorisé.",
|
||||||
"cameraNotFound": "Aucune caméra détectée.",
|
"cameraNotFound": "Aucune caméra détectée.",
|
||||||
|
|
|
@ -15,6 +15,7 @@ const separator = ref('+');
|
||||||
const domainName = ref('');
|
const domainName = ref('');
|
||||||
const privateKey = ref('');
|
const privateKey = ref('');
|
||||||
const errorMessageId = ref('');
|
const errorMessageId = ref('');
|
||||||
|
const authorizedKeyLengths = [16, 32];
|
||||||
|
|
||||||
const base64Decode = (str_b64) => {
|
const base64Decode = (str_b64) => {
|
||||||
try {
|
try {
|
||||||
|
@ -47,6 +48,9 @@ const addAccount = () => {
|
||||||
throw new Error('addAccount.error.invalidSeparator');
|
throw new Error('addAccount.error.invalidSeparator');
|
||||||
}
|
}
|
||||||
const key = base64Decode(privateKey.value);
|
const key = base64Decode(privateKey.value);
|
||||||
|
if (!authorizedKeyLengths.includes(key.length)) {
|
||||||
|
throw new Error('addAccount.error.invalidKeyLength');
|
||||||
|
}
|
||||||
const hash = sha256(`${localPart.value}@${domainName.value}`);
|
const hash = sha256(`${localPart.value}@${domainName.value}`);
|
||||||
const newAccount = {
|
const newAccount = {
|
||||||
id: base32Encode(hash, 'RFC4648', { padding: false }).toLowerCase(),
|
id: base32Encode(hash, 'RFC4648', { padding: false }).toLowerCase(),
|
||||||
|
|
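Review bot: The new guard in addAccount compares `key.length` against byte counts, which is only correct if `base64Decode` returns a byte array (or a binary string with exactly one character per decoded byte). Its body starts in the first hunk but continues outside it, so the return type should be confirmed. Stating the unit on the constant would make the intent explicit, for example `const authorizedKeyLengths = [16, 32]; // accepted secret key sizes, in bytes (128 and 256 bits)`. The check also only covers keys entered through addAccount. If a key can be stored by another route (the camera error strings in the locale files hint at a scan flow, though that code is not shown), the same length validation should apply there, preferably through one shared helper.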