fix(core): zeroize keyfile_encode output + lock-in tests for backup-keyfile-error and malformed-vs-wrong unlock

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01McMF5pUJbCMricmFEnf2sG
This commit is contained in:
adlee-was-taken
2026-06-26 21:45:14 -04:00
parent 2c5af671d0
commit b2bed1c50e
4 changed files with 86 additions and 4 deletions

View File

@@ -100,7 +100,7 @@ pub fn unlock_with_secret(
pub fn keyfile_encode(secret: &[u8]) -> Result<Vec<u8>, JsError> {
let arr: &[u8; 32] = secret.try_into()
.map_err(|_| JsError::new("secret must be exactly 32 bytes"))?;
Ok(relicario_core::keyfile::keyfile_encode(arr))
Ok(relicario_core::keyfile::keyfile_encode(arr).to_vec())
}
/// Decode a `relicario-keyfile-v1` armored file, returning the raw 32-byte secret.