Always Copy User Private Key to prevent it getting wiped

Samuel Lorch 2025-03-19 15:34:28 +01:00
parent 118dd9624b
commit 3376e521b9
2 changed files with 19 additions and 3 deletions


@ -26,6 +26,7 @@ type Client struct {
// userPublicKey has been removed since it can be gotten from the private userPrivateKey
// be sure to make a copy since using ClearPrivateParams on a handler also wipes the key...
userPrivateKey *crypto.Key
userID string


@ -8,7 +8,12 @@ import (
// EncryptMessage encrypts a message using the users public key and then signes the message using the users private key
func (c *Client) EncryptMessage(message string) (string, error) {
encHandle, err := c.pgp.Encryption().SigningKey(c.userPrivateKey).Recipient(c.userPrivateKey).New()
key, err := c.userPrivateKey.Copy()
if err != nil {
return "", fmt.Errorf("Get Private Key Copy: %w", err)
}
encHandle, err := c.pgp.Encryption().SigningKey(key).Recipient(c.userPrivateKey).New()
if err != nil {
return "", fmt.Errorf("New Encryptor: %w", err)
}
@ -34,7 +39,12 @@ func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string,
return "", fmt.Errorf("Get Public Key: %w", err)
}
encHandle, err := c.pgp.Encryption().SigningKey(c.userPrivateKey).Recipient(publicKey).New()
key, err := c.userPrivateKey.Copy()
if err != nil {
return "", fmt.Errorf("Get Private Key Copy: %w", err)
}
encHandle, err := c.pgp.Encryption().SigningKey(key).Recipient(publicKey).New()
if err != nil {
return "", fmt.Errorf("New Encryptor: %w", err)
}
@ -55,7 +65,12 @@ func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string,
// DecryptMessage decrypts a message using the users Private Key
func (c *Client) DecryptMessage(armoredCiphertext string) (string, error) {
message, _, err := c.DecryptMessageWithPrivateKeyAndReturnSessionKey(c.userPrivateKey, armoredCiphertext)
key, err := c.userPrivateKey.Copy()
if err != nil {
return "", fmt.Errorf("Get Private Key Copy: %w", err)
}
message, _, err := c.DecryptMessageWithPrivateKeyAndReturnSessionKey(key, armoredCiphertext)
return message, err
}
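Review bot: The copies made with `c.userPrivateKey.Copy()` are never wiped on the paths visible here. In EncryptMessage and EncryptMessageWithPublicKey a failing `.New()` returns while `key` still holds private key material, and DecryptMessage relies entirely on the callee to clear the copy it is handed. Adding `defer key.ClearPrivateParams()` directly after each copy's error check would bound the lifetime of every copy on all paths; this assumes clearing an already-cleared key is harmless, which should be confirmed against the library. The two encrypt functions continue past their hunks, so a handle-level clear may already exist further down for the success path. EncryptMessage also still passes the long-lived `c.userPrivateKey` to `Recipient(...)`, so if a handle-level clear ever reaches recipient keys the original wipe would come back; passing `key` there as well would close that gap.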