feat: implement wallet decryption in getDeviceFromDatabase for birthday-setup and all wallet loading

src/services/service.ts

@@ -1832,7 +1832,56 @@ export default class Services {
     const walletStore = 'wallet';
     try {
       const dbRes = await db.getObject(walletStore, '1');
-      if (dbRes) {
+      if (!dbRes) {
+        return null;
+      }
+
+      // Check if data is encrypted (new format) or plain (old format)
+      if (dbRes['encrypted_device']) {
+        // New encrypted format - need to decrypt
+        console.log('🔐 Wallet found in encrypted format, decrypting...');
+        
+        // Get the PBKDF2 key based on security mode
+        const { SecureCredentialsService } = await import('./secure-credentials.service');
+        const secureCredentialsService = SecureCredentialsService.getInstance();
+        
+        // Get all security modes to find which one works
+        const allSecurityModes = ['browser', 'otp', 'password', 'none', 'os', 'proton-pass'];
+        let pbkdf2Key: string | null = null;
+        let workingMode: string | null = null;
+        
+        for (const mode of allSecurityModes) {
+          try {
+            const key = await secureCredentialsService.retrievePBKDF2Key(mode as any);
+            if (key) {
+              pbkdf2Key = key;
+              workingMode = mode;
+              break;
+            }
+          } catch (e) {
+            // Continue to next mode
+          }
+        }
+        
+        if (!pbkdf2Key) {
+          throw new Error('Failed to retrieve PBKDF2 key - cannot decrypt wallet');
+        }
+        
+        // Decrypt the device
+        const { EncryptionService } = await import('./encryption.service');
+        const encryptionService = EncryptionService.getInstance();
+        
+        const decryptedDeviceString = await encryptionService.decrypt(
+          dbRes['encrypted_device'],
+          pbkdf2Key
+        );
+        
+        const decryptedDevice = JSON.parse(decryptedDeviceString);
+        console.log('✅ Wallet decrypted successfully');
+        return decryptedDevice;
+      } else if (dbRes['device']) {
+        // Old plain format (backward compatibility)
+        console.log('⚠️ Wallet found in old format (not encrypted)');
         return dbRes['device'];
       } else {
         return null;