diff --git a/src/pages/wallet-setup/wallet-setup.ts b/src/pages/wallet-setup/wallet-setup.ts
index 70333d3..edfe6e9 100644
--- a/src/pages/wallet-setup/wallet-setup.ts
+++ b/src/pages/wallet-setup/wallet-setup.ts
@@ -398,6 +398,47 @@ document.addEventListener('DOMContentLoaded', async () => {
 securityMode: finalVerification.security_mode,
 hasDeviceInClear: !!finalVerification.device // DEVRAIT ÊTRE FALSE
 });
+
+ // TEST: Déchiffrer le wallet pour valider que ça fonctionne
+ console.log('🔐 TEST: Attempting to decrypt wallet to validate encryption...');
+ try {
+ const pbkdf2KeyTest = await secureCredentialsService.retrievePBKDF2Key(currentMode as any);
+ if (!pbkdf2KeyTest) {
+ console.error('❌ TEST: Failed to retrieve PBKDF2 key for decryption test');
+ } else {
+ console.log('✅ TEST: PBKDF2 key retrieved for decryption test');
+
+ // Déchiffrer le wallet chiffré (format base64)
+ const decryptedWallet = await encryptionService.decryptWithPasswordBase64(
+ finalVerification.encrypted_wallet,
+ pbkdf2KeyTest
+ );
+ const parsedWallet = JSON.parse(decryptedWallet);
+ console.log('✅ TEST: Wallet decrypted successfully:', {
+ hasScanSk: !!parsedWallet.scan_sk,
+ hasSpendKey: !!parsedWallet.spend_key,
+ network: parsedWallet.network,
+ state: parsedWallet.state,
+ created_at: parsedWallet.created_at
+ });
+
+ // Déchiffrer le device chiffré (format base64)
+ const decryptedDevice = await encryptionService.decryptWithPasswordBase64(
+ finalVerification.encrypted_device,
+ pbkdf2KeyTest
+ );
+ const parsedDevice = JSON.parse(decryptedDevice);
+ console.log('✅ TEST: Device decrypted successfully:', {
+ hasSpWallet: !!parsedDevice.sp_wallet,
+ network: parsedDevice.network
+ });
+
+ console.log('✅ TEST: Full decryption test passed - wallet and device decrypt correctly');
+ }
+ } catch (decryptError) {
+ console.error('❌ TEST: Decryption test failed:', decryptError);
+ console.error('❌ This indicates an issue with encryption/decryption logic');
+ }
 } else {
 console.error('❌ Final wallet verification failed - wallet not found in IndexedDB');
 throw new Error('Wallet verification failed - wallet not found');
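Review bot: The decryption block added after the final verification log runs on every wallet setup rather than only under test, and both its missing-key branch and its `catch (decryptError)` only log, so setup still completes when the stored wallet cannot be decrypted. If the round-trip is meant as a real integrity check, the catch should fail the flow the way the `else` branch below does, e.g. `throw new Error('Wallet verification failed - wallet cannot be decrypted');`. If it is only a debugging aid, it should sit behind a development-only switch so that production sessions do not fetch the PBKDF2 key and hold the parsed wallet (including `scan_sk` and `spend_key`) in page memory without need. `currentMode as any` also bypasses the type check on the mode passed to `retrievePBKDF2Key`. The enclosing `DOMContentLoaded` handler starts and ends outside the hunk.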
diff --git a/src/services/credentials/encryption.service.ts b/src/services/credentials/encryption.service.ts index 7b1eb05..53bff90 100644 --- a/src/services/credentials/encryption.service.ts +++ b/src/services/credentials/encryption.service.ts @@ -152,6 +152,69 @@ export class EncryptionService { }; } + /** + * Déchiffre des données avec PBKDF2 + AES-GCM (format base64 de encryptWithPassword) + */ + async decryptWithPasswordBase64(encryptedDataBase64: string, password: string): Promise { + try { + // Décoder la base64 + const encrypted = atob(encryptedDataBase64); + const combined = new Uint8Array(encrypted.length); + for (let i = 0; i < encrypted.length; i++) { + combined[i] = encrypted.charCodeAt(i); + } + + // Extraire salt (16 bytes), iv (12 bytes) et données chiffrées + const salt = combined.slice(0, 16); + const iv = combined.slice(16, 28); + const encryptedData = combined.slice(28); + + // Dériver la clé avec PBKDF2 + const keyMaterial = await crypto.subtle.importKey( + 'raw', + new TextEncoder().encode(password), + 'PBKDF2', + false, + ['deriveBits'] + ); + + const derivedKey = await crypto.subtle.deriveBits( + { + name: 'PBKDF2', + salt: salt, + iterations: 100000, + hash: 'SHA-256' + }, + keyMaterial, + 256 + ); + + const cryptoKey = await crypto.subtle.importKey( + 'raw', + derivedKey, + { name: 'AES-GCM' }, + false, + ['decrypt'] + ); + + // Déchiffrer + const decrypted = await crypto.subtle.decrypt( + { name: 'AES-GCM', iv: iv }, + cryptoKey, + encryptedData + ); + + return new TextDecoder().decode(decrypted); + } catch (error) { + secureLogger.error('Failed to decrypt with password base64', { + component: 'EncryptionService', + operation: 'decryptWithPasswordBase64', + error: error instanceof Error ? error.message : String(error) + }); + throw error; + } + } + /** * Déchiffre des données avec PBKDF2 + AES-GCM */
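Review bot: `decryptWithPasswordBase64` slices salt, IV and ciphertext out of `combined` without checking its length, so a truncated or wrong-format input reaches `crypto.subtle.decrypt` with a short IV or empty ciphertext and surfaces only as an opaque WebCrypto error. A guard right after the decode loop would make the failure explicit: `if (combined.length < 16 + 12 + 16) throw new Error('Encrypted payload too short');` (salt, IV, and the default 128-bit GCM tag). The sizes `16`/`12` and `iterations: 100000` are literals that have to match `encryptWithPassword`, which is outside the hunk, so shared constants would keep the two from drifting. As far as the hunk shows, the payload carries no version or iteration field, so raising the PBKDF2 work factor later would leave existing ciphertexts undecryptable by this method. The enclosing class starts and ends outside the hunk.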