security: deprecate non-encrypting WebAuthn methods and add warnings

NicolasCantu 2025-10-26 02:45:48 +01:00
parent 6a36fde154
commit ab31901a20
2 changed files with 11 additions and 6 deletions


@ -407,7 +407,7 @@ document.addEventListener('DOMContentLoaded', async () => {
console.error('❌ TEST: Failed to retrieve PBKDF2 key for decryption test'); console.error('❌ TEST: Failed to retrieve PBKDF2 key for decryption test');
} else { } else {
console.log('✅ TEST: PBKDF2 key retrieved for decryption test'); console.log('✅ TEST: PBKDF2 key retrieved for decryption test');
// Déchiffrer le wallet chiffré (format base64) // Déchiffrer le wallet chiffré (format base64)
const decryptedWallet = await encryptionService.decryptWithPasswordBase64( const decryptedWallet = await encryptionService.decryptWithPasswordBase64(
finalVerification.encrypted_wallet, finalVerification.encrypted_wallet,


@ -265,32 +265,37 @@ export class EncryptionService {
/** /**
* Chiffre des credentials avec WebAuthn * WARNING: DEPRECATED - This method does NOT encrypt, only base64 encoding
* Use encryptWithPassword or WebAuthn key encryption instead
*/ */
async encryptWithWebAuthn( async encryptWithWebAuthn(
credentials: CredentialData, credentials: CredentialData,
credentialId: string credentialId: string
): Promise<string> { ): Promise<string> {
secureLogger.error('encryptWithWebAuthn is deprecated and does NOT encrypt data', new Error('Use encryptWithPassword or WebAuthn encryption'));
const data = JSON.stringify({ const data = JSON.stringify({
spendKey: credentials.spendKey, spendKey: credentials.spendKey,
scanKey: credentials.scanKey, scanKey: credentials.scanKey,
timestamp: credentials.timestamp timestamp: credentials.timestamp
}); });
// Pour l'instant, on utilise un chiffrement simple // WARNING: Only base64 encoding, no encryption - DO NOT USE FOR SENSITIVE DATA
// Dans une vraie implémentation, on utiliserait la clé publique WebAuthn
const encoded = btoa(data); const encoded = btoa(data);
return encoded; return encoded;
} }
/** /**
* Déchiffre des credentials avec WebAuthn * WARNING: DEPRECATED - This method does NOT decrypt, only base64 decoding
* Use decryptWithPassword or WebAuthn key decryption instead
*/ */
async decryptWithWebAuthn( async decryptWithWebAuthn(
encryptedData: string, encryptedData: string,
credentialId: string credentialId: string
): Promise<CredentialData> { ): Promise<CredentialData> {
// Pour l'instant, on utilise un déchiffrement simple secureLogger.error('decryptWithWebAuthn is deprecated and does NOT decrypt data', new Error('Use decryptWithPassword or WebAuthn decryption'));
// WARNING: Only base64 decoding, no decryption - DO NOT USE FOR SENSITIVE DATA
const decoded = atob(encryptedData); const decoded = atob(encryptedData);
const data = JSON.parse(decoded); const data = JSON.parse(decoded);
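Review bot: Both deprecated methods still return successfully, so any remaining caller of `encryptWithWebAuthn` keeps receiving `btoa(data)` of `spendKey` and `scanKey` and may store it as if it were ciphertext; the added `secureLogger.error` call records the misuse but does not stop it. Consider failing closed on the write path by replacing that log line with `throw new Error('encryptWithWebAuthn is disabled: it only base64-encodes')`, and keeping `decryptWithWebAuthn` callable only for as long as it is needed to migrate data already stored in this format. Adding a `@deprecated` tag to both doc comments, for example `* @deprecated Base64 only, no encryption; use encryptWithPassword`, would let the compiler and editors flag the remaining call sites. The body of `decryptWithWebAuthn` continues past the end of the hunk, so whether the `JSON.parse` result is validated before it is returned as `CredentialData` is not visible here.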