From 3376e521b94c8dc4e53c07b8adf4aacc345828f9 Mon Sep 17 00:00:00 2001
From: Samuel Lorch
Date: Wed, 19 Mar 2025 15:34:28 +0100
Subject: [PATCH] Always Copy User Private Key to prevent it getting wiped
---
 api/client.go | 1 +
 api/encryption.go | 21 ++++++++++++++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/api/client.go b/api/client.go
index 3acf427..0ce0701 100644
--- a/api/client.go
+++ b/api/client.go
@@ -26,6 +26,7 @@ type Client struct {
 // userPublicKey has been removed since it can be gotten from the private userPrivateKey
+ // be sure to make a copy since using ClearPrivateParams on a handler also wipes the key...
 userPrivateKey *crypto.Key
 userID string
diff --git a/api/encryption.go b/api/encryption.go
index 1ce2c8f..c39eee3 100644
--- a/api/encryption.go
+++ b/api/encryption.go
@@ -8,7 +8,12 @@ import (
 // EncryptMessage encrypts a message using the users public key and then signes the message using the users private key
 func (c *Client) EncryptMessage(message string) (string, error) {
- encHandle, err := c.pgp.Encryption().SigningKey(c.userPrivateKey).Recipient(c.userPrivateKey).New()
+ key, err := c.userPrivateKey.Copy()
+ if err != nil {
+ return "", fmt.Errorf("Get Private Key Copy: %w", err)
+ }
+
+ encHandle, err := c.pgp.Encryption().SigningKey(key).Recipient(c.userPrivateKey).New()
 if err != nil {
 return "", fmt.Errorf("New Encryptor: %w", err)
 }
@@ -34,7 +39,12 @@ func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string,
 return "", fmt.Errorf("Get Public Key: %w", err)
 }
- encHandle, err := c.pgp.Encryption().SigningKey(c.userPrivateKey).Recipient(publicKey).New()
+ key, err := c.userPrivateKey.Copy()
+ if err != nil {
+ return "", fmt.Errorf("Get Private Key Copy: %w", err)
+ }
+
+ encHandle, err := c.pgp.Encryption().SigningKey(key).Recipient(publicKey).New()
 if err != nil {
 return "", fmt.Errorf("New Encryptor: %w", err)
 }
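Review bot: `.Recipient(c.userPrivateKey)` in EncryptMessage still hands the client's long-lived private key to the encryption handle; only the signing key was switched to the copy. Whether the handle's cleanup ever touches recipient keys is not visible in this hunk, but if it does, the wipe this commit fixes comes back through that argument. Encrypting to oneself needs only the public half, so the per-call copy is the safer thing to pass, for example `encHandle, err := c.pgp.Encryption().SigningKey(key).Recipient(key).New()`. The function body continues past the end of the hunk.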
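Review bot: The copy-and-wrap sequence added in EncryptMessageWithPublicKey is the same four lines added in EncryptMessage and DecryptMessage, so the rule "never pass c.userPrivateKey to a handle" is held only by repetition and by the comment in client.go. An unexported helper on Client would give one place to make the copy and one place to reject a nil userPrivateKey before Copy is called on it, in case a Client can exist without a loaded key (not visible here). Each call site then becomes `key, err := c.privateKeyCopy()` followed by `if err != nil { return "", err }`. This function starts and ends outside the hunk.

```go
// privateKeyCopy returns a fresh copy of the user's private key for a single
// operation, so that a handle wiping its key material leaves
// c.userPrivateKey intact.
func (c *Client) privateKeyCopy() (*crypto.Key, error) {
	if c.userPrivateKey == nil {
		return nil, fmt.Errorf("Get Private Key Copy: no private key loaded")
	}
	key, err := c.userPrivateKey.Copy()
	if err != nil {
		return nil, fmt.Errorf("Get Private Key Copy: %w", err)
	}
	return key, nil
}
```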
@@ -55,7 +65,12 @@ func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string,
 // DecryptMessage decrypts a message using the users Private Key
 func (c *Client) DecryptMessage(armoredCiphertext string) (string, error) {
- message, _, err := c.DecryptMessageWithPrivateKeyAndReturnSessionKey(c.userPrivateKey, armoredCiphertext)
+ key, err := c.userPrivateKey.Copy()
+ if err != nil {
+ return "", fmt.Errorf("Get Private Key Copy: %w", err)
+ }
+
+ message, _, err := c.DecryptMessageWithPrivateKeyAndReturnSessionKey(key, armoredCiphertext)
 return message, err
 }
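Review bot: Nothing visible in DecryptMessage wipes the new copy once decryption returns, so each call may leave another copy of the unlocked private key in memory until the garbage collector reclaims it. Whether DecryptMessageWithPrivateKeyAndReturnSessionKey clears the key it is given is outside this hunk; if it does not, add `defer key.ClearPrivateParams()` directly after the error check. The same applies in EncryptMessage and EncryptMessageWithPublicKey on the path where `New()` fails after the copy was made, since no handle exists there to clear it.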