Restrict secret keys to 128 or 256 bits
parent
faa8056d2d
commit
72bc29ba66
4 changed files with 11 additions and 0 deletions
|
@ -12,6 +12,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
|
||||
## [Unreleased]
|
||||
|
||||
### Changed
|
||||
- Secret keys are now restricted to 128 bits (16 bytes) or 256 bits (32 bytes)
|
||||
|
||||
## [0.2.0] - 2023-08-11
|
||||
|
||||
### Added
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
"cancel": "@:invariants.controls.cancel",
|
||||
"error": {
|
||||
"invalidBase64": "The key must be a valid base64 string.",
|
||||
"invalidKeyLength": "The key's length must be either 128 bits (16 bytes) or 256 bits (32 bytes).",
|
||||
"invalidSeparator": "The separator must be a single character.",
|
||||
"cameraNotAllowed": "Camera access permission was not granted.",
|
||||
"cameraNotFound": "No camera detected.",
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
"cancel": "@:invariants.controls.cancel",
|
||||
"error": {
|
||||
"invalidBase64": "La clé doit être une chaîne de caractère en base64.",
|
||||
"invalidKeyLength": "La longueur de la clé doit être de 128 bits (16 bytes) ou de 256 bits (32 bytes).",
|
||||
"invalidSeparator": "La séparateur doit être un unique caractère.",
|
||||
"cameraNotAllowed": "L'accès à la caméra n'a pas été autorisé.",
|
||||
"cameraNotFound": "Aucune caméra détectée.",
|
||||
|
|
|
@ -15,6 +15,7 @@ const separator = ref('+');
|
|||
const domainName = ref('');
|
||||
const privateKey = ref('');
|
||||
const errorMessageId = ref('');
|
||||
const authorizedKeyLengths = [16, 32];
|
||||
|
||||
const base64Decode = (str_b64) => {
|
||||
try {
|
||||
|
@ -47,6 +48,9 @@ const addAccount = () => {
|
|||
throw new Error('addAccount.error.invalidSeparator');
|
||||
}
|
||||
const key = base64Decode(privateKey.value);
|
||||
if (!authorizedKeyLengths.includes(key.length)) {
|
||||
throw new Error('addAccount.error.invalidKeyLength');
|
||||
}
|
||||
const hash = sha256(`${localPart.value}@${domainName.value}`);
|
||||
const newAccount = {
|
||||
id: base32Encode(hash, 'RFC4648', { padding: false }).toLowerCase(),
|
||||
|
|
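Review bot: The new guard in addAccount compares `key.length` with `authorizedKeyLengths`, but nothing on the added lines states that these values are bytes or that `base64Decode` returns something whose `.length` is a byte count. Its body is outside the hunk, so this needs confirming: a byte array or an `atob`-style binary string is fine, while a UTF-8 decoded string could miscount. I would add a comment above the constant, `// Accepted decoded key sizes in bytes (128-bit and 256-bit keys only)`, so the unit is explicit next to `[16, 32]`. The check is only visible in addAccount, so keys saved before this change or arriving by another path are presumably not re-validated where the key is used, which is worth confirming. addAccount's body starts and ends outside the hunk.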