fix(core): zeroize keyfile_encode output + lock-in tests for backup-keyfile-error and malformed-vs-wrong unlock
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01McMF5pUJbCMricmFEnf2sG
This commit is contained in:
@@ -100,7 +100,7 @@ pub fn unlock_with_secret(
|
||||
pub fn keyfile_encode(secret: &[u8]) -> Result<Vec<u8>, JsError> {
|
||||
let arr: &[u8; 32] = secret.try_into()
|
||||
.map_err(|_| JsError::new("secret must be exactly 32 bytes"))?;
|
||||
Ok(relicario_core::keyfile::keyfile_encode(arr))
|
||||
Ok(relicario_core::keyfile::keyfile_encode(arr).to_vec())
|
||||
}
|
||||
|
||||
/// Decode a `relicario-keyfile-v1` armored file, returning the raw 32-byte secret.
|
||||
|
||||
Reference in New Issue
Block a user