From 26580aceedbf273e055d8d6fd1aa2675aca888e3 Mon Sep 17 00:00:00 2001
From: NicolasCantu
Date: Sun, 26 Oct 2025 02:49:34 +0100
Subject: [PATCH] refactor: update all files to use centralized encryption service
---
 src/services/credentials/webauthn.service.ts | 4 +-
 src/services/secure-credentials.service.ts | 55 +++++++++-----------
 2 files changed, 27 insertions(+), 32 deletions(-)
diff --git a/src/services/credentials/webauthn.service.ts b/src/services/credentials/webauthn.service.ts
index 6899f86..3947556 100644
--- a/src/services/credentials/webauthn.service.ts
+++ b/src/services/credentials/webauthn.service.ts
@@ -230,11 +230,11 @@ export class WebAuthnService {
 try {
 // Utiliser la clé publique WebAuthn pour chiffrer la clé PBKDF2
 // Pour l'instant, on utilise un chiffrement AES-GCM avec une clé dérivée
- const { EncryptionService } = await import('./encryption.service');
+ const { EncryptionService } = await import('../encryption.service');
 const encryptionService = EncryptionService.getInstance();
 // Utiliser l'ID de la credential WebAuthn comme mot de passe pour chiffrer la clé PBKDF2
- const encryptedKey = await encryptionService.encryptWithPassword(key, credential.id);
+ const encryptedKey = await encryptionService.encrypt(key, credential.id);
 console.log('🔐 Key encrypted with WebAuthn credential');
 return encryptedKey;
diff --git a/src/services/secure-credentials.service.ts b/src/services/secure-credentials.service.ts
index 26d70eb..116b5f1 100644
--- a/src/services/secure-credentials.service.ts
+++ b/src/services/secure-credentials.service.ts
@@ -154,7 +154,7 @@ export class SecureCredentialsService {
 });
 // Import dynamique des services
- const { EncryptionService } = await import('./credentials/encryption.service');
+ const { EncryptionService } = await import('./encryption.service');
 const { WebAuthnService } = await import('./credentials/webauthn.service');
 const { StorageService } = await import('./credentials/storage.service');
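Review bot: `credential.id` is still passed as the password in `encryptionService.encrypt(key, credential.id)` in the webauthn.service.ts hunk, but a WebAuthn credential ID is an identifier, not a secret: it is shared with the relying party and typically stored alongside the data it is meant to protect. Anyone who can read both the stored blob and the credential ID can presumably unwrap the PBKDF2 key, so this layer gives little real confidentiality; the comment above the import also says the WebAuthn public key is used, which the code does not do. Until the wrapping key comes from authenticator-bound material (the WebAuthn PRF extension is the usual route), I would add `// TODO(security): credential.id is not secret; replace with authenticator-derived key material` above the call. The enclosing method starts and ends outside the hunk.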
@@ -203,7 +203,7 @@ export class SecureCredentialsService {
 // Demander un mot de passe à l'utilisateur et chiffrer la clé
 console.log('🔐 Storing PBKDF2 key with password encryption...');
 const userPassword = await this.promptForPassword();
- const encryptedKey = await encryptionService.encryptWithPassword(pbkdf2Key, userPassword);
+ const encryptedKey = await encryptionService.encrypt(pbkdf2Key, userPassword);
 await storageService.storeEncryptedKey(encryptedKey, securityMode);
 break;
@@ -313,29 +313,29 @@ export class SecureCredentialsService {
 });
 // Import dynamique du service
- const { EncryptionService } = await import('./credentials/encryption.service');
+ const { EncryptionService } = await import('./encryption.service');
 const encryptionService = EncryptionService.getInstance();
 // Générer des clés aléatoires
 const keys = encryptionService.generateRandomKeys();
 // Chiffrer les clés avec le mot de passe
- const encryptedSpendKey = await encryptionService.encryptWithPassword(
+ const encryptedSpendKey = await encryptionService.encrypt(
 keys.spendKey,
- password,
- _options
+ password
 );
- const encryptedScanKey = await encryptionService.encryptWithPassword(
+ const encryptedScanKey = await encryptionService.encrypt(
 keys.scanKey,
- password,
- _options
+ password
 );
+ // Note: encryptionService.encrypt returns base64 string directly
+ // We need to keep track of salt for compatibility with old format
 return {
- spendKey: encryptedSpendKey.encryptedData,
- scanKey: encryptedScanKey.encryptedData,
- salt: encryptedSpendKey.salt,
- iterations: encryptedSpendKey.iterations,
+ spendKey: encryptedSpendKey,
+ scanKey: encryptedScanKey,
+ salt: new Uint8Array(16), // Placeholder for compatibility
+ iterations: 100000, // Standard iterations
 timestamp: Date.now()
 };
 } catch (error) {
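Review bot: The return block in the hunk at -313,29 now reports `salt: new Uint8Array(16)` (sixteen zero bytes) and a hard-coded `iterations: 100000`, neither of which is tied to the parameters `encrypt` actually used, so the stored metadata misdescribes the ciphertext. Any reader that still derives a key from these fields would do so with an all-zero salt, and the `_options` argument is no longer forwarded, so caller-supplied settings silently stop applying. I would either have the encryption service return its real parameters or mark the fields as inert with `// legacy placeholders: encrypt() carries its own KDF parameters; never derive a key from salt/iterations`. The same applies to the return block in the hunk at -412,24. Both enclosing methods start and end outside their hunks.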
@@ -361,7 +361,7 @@ export class SecureCredentialsService {
 });
 // Import dynamique du service
- const { EncryptionService } = await import('./credentials/encryption.service');
+ const { EncryptionService } = await import('./encryption.service');
 const encryptionService = EncryptionService.getInstance();
 // Générer des clés aléatoires
@@ -412,24 +412,23 @@ export class SecureCredentialsService {
 });
 // Import dynamique du service
- const { EncryptionService } = await import('./credentials/encryption.service');
+ const { EncryptionService } = await import('./encryption.service');
 const encryptionService = EncryptionService.getInstance();
 // Générer des clés aléatoires
 const keys = encryptionService.generateRandomKeys();
 // Chiffrer avec le mot de passe
- const encrypted = await encryptionService.encryptWithPassword(
+ const encrypted = await encryptionService.encrypt(
 JSON.stringify(keys),
- password,
- _options
+ password
 );
 return {
- spendKey: encrypted.encryptedData,
+ spendKey: encrypted,
 scanKey: '', // Scan key est inclus dans les données chiffrées
- salt: encrypted.salt,
- iterations: encrypted.iterations,
+ salt: new Uint8Array(16), // Placeholder for compatibility
+ iterations: 100000,
 timestamp: Date.now()
 };
 } catch (error) {
@@ -567,22 +566,18 @@ export class SecureCredentialsService {
 }
 // Import dynamique du service de chiffrement
- const { EncryptionService } = await import('./credentials/encryption.service');
+ const { EncryptionService } = await import('./encryption.service');
 const encryptionService = EncryptionService.getInstance();
 // Déchiffrer les clés
- const spendKey = await encryptionService.decryptWithPassword(
+ const spendKey = await encryptionService.decrypt(
 credentials.spendKey,
- password,
- credentials.salt,
- credentials.iterations
+ password
 );
- const scanKey = await encryptionService.decryptWithPassword(
+ const scanKey = await encryptionService.decrypt(
 credentials.scanKey,
- password,
- credentials.salt,
- credentials.iterations
+ password
 );
 return {
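Review bot: Both `decrypt` calls now ignore `credentials.salt` and `credentials.iterations`, so records written before this commit, whose salt and iteration count were stored outside the ciphertext, can only be opened if the centralized `decrypt` understands that older layout, which is not visible here. If it does not, existing users would fail at this point with what looks like a wrong-password error. A format or version check before decrypting, with a fallback that uses the stored salt and iterations for legacy records, would avoid that. One writer in this file also stores `scanKey: ''`, which reaches the second `decrypt` call unguarded; a short guard such as `if (!credentials.scanKey) { /* combined format: keys are inside spendKey */ }` would make that path explicit. The enclosing method starts and ends outside the hunk.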