feat: add decryptWithPasswordBase64 method and test wallet decryption
parent
b8b28c1f5d
commit
6a36fde154
@ -398,6 +398,47 @@ document.addEventListener('DOMContentLoaded', async () => {
|
|||||||
securityMode: finalVerification.security_mode,
|
securityMode: finalVerification.security_mode,
|
||||||
hasDeviceInClear: !!finalVerification.device // DEVRAIT ÊTRE FALSE
|
hasDeviceInClear: !!finalVerification.device // DEVRAIT ÊTRE FALSE
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// TEST: Déchiffrer le wallet pour valider que ça fonctionne
|
||||||
|
console.log('🔐 TEST: Attempting to decrypt wallet to validate encryption...');
|
||||||
|
try {
|
||||||
|
const pbkdf2KeyTest = await secureCredentialsService.retrievePBKDF2Key(currentMode as any);
|
||||||
|
if (!pbkdf2KeyTest) {
|
||||||
|
console.error('❌ TEST: Failed to retrieve PBKDF2 key for decryption test');
|
||||||
|
} else {
|
||||||
|
console.log('✅ TEST: PBKDF2 key retrieved for decryption test');
|
||||||
|
|
||||||
|
// Déchiffrer le wallet chiffré (format base64)
|
||||||
|
const decryptedWallet = await encryptionService.decryptWithPasswordBase64(
|
||||||
|
finalVerification.encrypted_wallet,
|
||||||
|
pbkdf2KeyTest
|
||||||
|
);
|
||||||
|
const parsedWallet = JSON.parse(decryptedWallet);
|
||||||
|
console.log('✅ TEST: Wallet decrypted successfully:', {
|
||||||
|
hasScanSk: !!parsedWallet.scan_sk,
|
||||||
|
hasSpendKey: !!parsedWallet.spend_key,
|
||||||
|
network: parsedWallet.network,
|
||||||
|
state: parsedWallet.state,
|
||||||
|
created_at: parsedWallet.created_at
|
||||||
|
});
|
||||||
|
|
||||||
|
// Déchiffrer le device chiffré (format base64)
|
||||||
|
const decryptedDevice = await encryptionService.decryptWithPasswordBase64(
|
||||||
|
finalVerification.encrypted_device,
|
||||||
|
pbkdf2KeyTest
|
||||||
|
);
|
||||||
|
const parsedDevice = JSON.parse(decryptedDevice);
|
||||||
|
console.log('✅ TEST: Device decrypted successfully:', {
|
||||||
|
hasSpWallet: !!parsedDevice.sp_wallet,
|
||||||
|
network: parsedDevice.network
|
||||||
|
});
|
||||||
|
|
||||||
|
console.log('✅ TEST: Full decryption test passed - wallet and device decrypt correctly');
|
||||||
|
}
|
||||||
|
} catch (decryptError) {
|
||||||
|
console.error('❌ TEST: Decryption test failed:', decryptError);
|
||||||
|
console.error('❌ This indicates an issue with encryption/decryption logic');
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
console.error('❌ Final wallet verification failed - wallet not found in IndexedDB');
|
console.error('❌ Final wallet verification failed - wallet not found in IndexedDB');
|
||||||
throw new Error('Wallet verification failed - wallet not found');
|
throw new Error('Wallet verification failed - wallet not found');
|
||||||
|
|||||||
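Review bot: The decryption check added after the final verification log swallows its own failure: both the `!pbkdf2KeyTest` branch and the `catch (decryptError)` branch only call `console.error`, so the flow continues as if the stored wallet were usable even when it cannot be decrypted. If the check is meant to validate the freshly stored wallet, propagate the failure (`throw decryptError;` in the catch, and a thrown `Error` when the key is missing). If it is only a debugging aid, gate it behind a development-only flag, because each run of this path pulls the PBKDF2 key and the plaintext `scan_sk`/`spend_key` into page memory and writes wallet metadata to the console. `currentMode as any` also hides a type mismatch that would be better fixed at the `retrievePBKDF2Key` signature. The enclosing handler starts and ends outside the hunk.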
@ -152,6 +152,69 @@ export class EncryptionService {
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Déchiffre des données avec PBKDF2 + AES-GCM (format base64 de encryptWithPassword)
|
||||||
|
*/
|
||||||
|
async decryptWithPasswordBase64(encryptedDataBase64: string, password: string): Promise<string> {
|
||||||
|
try {
|
||||||
|
// Décoder la base64
|
||||||
|
const encrypted = atob(encryptedDataBase64);
|
||||||
|
const combined = new Uint8Array(encrypted.length);
|
||||||
|
for (let i = 0; i < encrypted.length; i++) {
|
||||||
|
combined[i] = encrypted.charCodeAt(i);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Extraire salt (16 bytes), iv (12 bytes) et données chiffrées
|
||||||
|
const salt = combined.slice(0, 16);
|
||||||
|
const iv = combined.slice(16, 28);
|
||||||
|
const encryptedData = combined.slice(28);
|
||||||
|
|
||||||
|
// Dériver la clé avec PBKDF2
|
||||||
|
const keyMaterial = await crypto.subtle.importKey(
|
||||||
|
'raw',
|
||||||
|
new TextEncoder().encode(password),
|
||||||
|
'PBKDF2',
|
||||||
|
false,
|
||||||
|
['deriveBits']
|
||||||
|
);
|
||||||
|
|
||||||
|
const derivedKey = await crypto.subtle.deriveBits(
|
||||||
|
{
|
||||||
|
name: 'PBKDF2',
|
||||||
|
salt: salt,
|
||||||
|
iterations: 100000,
|
||||||
|
hash: 'SHA-256'
|
||||||
|
},
|
||||||
|
keyMaterial,
|
||||||
|
256
|
||||||
|
);
|
||||||
|
|
||||||
|
const cryptoKey = await crypto.subtle.importKey(
|
||||||
|
'raw',
|
||||||
|
derivedKey,
|
||||||
|
{ name: 'AES-GCM' },
|
||||||
|
false,
|
||||||
|
['decrypt']
|
||||||
|
);
|
||||||
|
|
||||||
|
// Déchiffrer
|
||||||
|
const decrypted = await crypto.subtle.decrypt(
|
||||||
|
{ name: 'AES-GCM', iv: iv },
|
||||||
|
cryptoKey,
|
||||||
|
encryptedData
|
||||||
|
);
|
||||||
|
|
||||||
|
return new TextDecoder().decode(decrypted);
|
||||||
|
} catch (error) {
|
||||||
|
secureLogger.error('Failed to decrypt with password base64', {
|
||||||
|
component: 'EncryptionService',
|
||||||
|
operation: 'decryptWithPasswordBase64',
|
||||||
|
error: error instanceof Error ? error.message : String(error)
|
||||||
|
});
|
||||||
|
throw error;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Déchiffre des données avec PBKDF2 + AES-GCM
|
* Déchiffre des données avec PBKDF2 + AES-GCM
|
||||||
*/
|
*/
|
||||||
|
|||||||
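Review bot: `decryptWithPasswordBase64` slices `salt`, `iv` and the ciphertext out of the decoded buffer without checking its length, so a truncated or empty `encryptedDataBase64` reaches `crypto.subtle.decrypt` with a short IV and fails with an opaque error. Add a guard right after the decode loop, e.g. `if (combined.length < 16 + 12 + 16) throw new Error('Encrypted payload too short');` (salt + IV + default GCM tag). The literals `16`, `28`, `100000` and `'SHA-256'` have to stay identical to whatever `encryptWithPassword` uses, which is not visible in this hunk. Hoisting them into shared constants would keep the two sides from drifting apart. The doc comment should also state the `salt || iv || ciphertext+tag` layout and that the method rethrows on authentication failure.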