From: Chris Duncan
Date: Fri, 8 Aug 2025 18:41:47 +0000 (-0700)
Subject: Restrict iv to 96 bits per GCM best practice.
X-Git-Tag: v0.10.5~43^2~15
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=433b76d7e1533416b612b6651100a524abe60900;p=libnemo.git

Restrict iv to 96 bits per GCM best practice.
---
diff --git a/src/lib/safe.ts b/src/lib/safe.ts
index a1ef851..147a50f 100644
--- a/src/lib/safe.ts
+++ b/src/lib/safe.ts
@@ -356,7 +356,9 @@ export class Safe {
 seed: bytes.toHex(new Uint8Array(this.#seed))
 }
 if (this.#mnemonic != null) data.mnemonic = this.#mnemonic
- const iv = crypto.getRandomValues(new Uint8Array(32)).buffer
+
+ // restrict iv to 96 bits per GCM best practice
+ const iv = crypto.getRandomValues(new Uint8Array(12)).buffer
 const encoded = utf8.toBytes(JSON.stringify(data))
 const encrypted = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, encoded)
 return { iv, encrypted }
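Review bot: The new comment above `const iv` records the length but not the constraint that comes with it, and the bare `12` will be easy to mis-edit later. I would name the length and state the rule, e.g. `const GCM_IV_BYTES = 12 // 96-bit IV is used as-is for the GCM counter block; must never repeat under one key`, and then allocate with `new Uint8Array(GCM_IV_BYTES)`. With randomly generated 96-bit IVs the usual guidance (NIST SP 800-38D) is to stay under 2^32 encryptions per key, so it is worth confirming how `key` is derived and reused; that is not visible in this hunk. Records already written with a 32-byte IV still have to decrypt, so the decrypt path, which is also outside this hunk, should keep passing the stored IV through as-is rather than assuming 12 bytes. The enclosing method starts and ends outside the hunk.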