fix(core): zeroize keyfile_encode output + lock-in tests for backup-keyfile-error and malformed-vs-wrong unlock

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01McMF5pUJbCMricmFEnf2sG
This commit is contained in:
adlee-was-taken
2026-06-26 21:45:14 -04:00
parent 2c5af671d0
commit b2bed1c50e
4 changed files with 86 additions and 4 deletions

View File

@@ -25,8 +25,8 @@ const HEADER: &str = "relicario-keyfile-v1";
///
/// Output is: `"relicario-keyfile-v1\n<base64>\n"` as UTF-8 bytes.
/// The returned bytes are suitable for writing directly to a `.relkey` file.
pub fn keyfile_encode(secret: &[u8; 32]) -> Vec<u8> {
format!("{HEADER}\n{}\n", STANDARD.encode(secret)).into_bytes()
pub fn keyfile_encode(secret: &[u8; 32]) -> Zeroizing<Vec<u8>> {
Zeroizing::new(format!("{HEADER}\n{}\n", STANDARD.encode(secret)).into_bytes())
}
/// Decode a `relicario-keyfile-v1` armored file back to the raw 32-byte secret.