fix(core): zeroize keyfile_encode output + lock-in tests for backup-keyfile-error and malformed-vs-wrong unlock
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01McMF5pUJbCMricmFEnf2sG
This commit is contained in:
@@ -25,8 +25,8 @@ const HEADER: &str = "relicario-keyfile-v1";
|
||||
///
|
||||
/// Output is: `"relicario-keyfile-v1\n<base64>\n"` as UTF-8 bytes.
|
||||
/// The returned bytes are suitable for writing directly to a `.relkey` file.
|
||||
pub fn keyfile_encode(secret: &[u8; 32]) -> Vec<u8> {
|
||||
format!("{HEADER}\n{}\n", STANDARD.encode(secret)).into_bytes()
|
||||
pub fn keyfile_encode(secret: &[u8; 32]) -> Zeroizing<Vec<u8>> {
|
||||
Zeroizing::new(format!("{HEADER}\n{}\n", STANDARD.encode(secret)).into_bytes())
|
||||
}
|
||||
|
||||
/// Decode a `relicario-keyfile-v1` armored file back to the raw 32-byte secret.
|
||||
|
||||
Reference in New Issue
Block a user