From: Chris Duncan <chris@zoso.dev>
Date: Mon, 21 Jul 2025 05:15:22 +0000 (-0700)
Subject: Store iv and salt as buffers instead of strings.
X-Git-Tag: v0.10.5~55^2~52
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=9c58da4f5ddfb88d6b3b6b5087d68bfe79a28524;p=libnemo.git

Store iv and salt as buffers instead of strings.
---

diff --git a/src/lib/workers/safe.ts b/src/lib/workers/safe.ts
index acbe06c..1ebcc06 100644
--- a/src/lib/workers/safe.ts
+++ b/src/lib/workers/safe.ts
@@ -92,8 +92,8 @@ export class Safe extends WorkerInterface {
 				const iv = await Entropy.create()
 				const encrypted = await globalThis.crypto.subtle.encrypt({ name: 'AES-GCM', iv: iv.buffer }, encryptionKey, data[label])
 				const record: SafeRecord = {
-					iv: iv.hex,
-					salt: salt.hex,
+					iv: iv.buffer,
+					salt: salt.buffer,
 					label,
 					encrypted
 				}
@@ -131,9 +131,10 @@ export class Safe extends WorkerInterface {
 			}
 			const decryptionKeys: { [salt: string]: CryptoKey } = {}
 			for (const record of records) {
-				decryptionKeys[record.salt] ??= await this.#createAesKey('decrypt', password, (await Entropy.import(record.salt)).buffer)
+				const salt = bytes.toHex(new Uint8Array(record.salt))
+				decryptionKeys[salt] ??= await this.#createAesKey('decrypt', password, record.salt)
 				const iv = await Entropy.import(record.iv)
-				const decrypted = await globalThis.crypto.subtle.decrypt({ name: 'AES-GCM', iv: iv.buffer }, decryptionKeys[record.salt], record.encrypted)
+				const decrypted = await globalThis.crypto.subtle.decrypt({ name: 'AES-GCM', iv: iv.buffer }, decryptionKeys[salt], record.encrypted)
 				results[record.label] = decrypted
 			}
 			return results
diff --git a/src/types.d.ts b/src/types.d.ts
index d3a73b7..8bc350a 100644
--- a/src/types.d.ts
+++ b/src/types.d.ts
@@ -337,9 +337,9 @@ export declare class Rpc {
 }
 
 export type SafeRecord = {
-	iv: string
-	salt: string
 	label: string
+	iv: ArrayBuffer
+	salt: ArrayBuffer
 	encrypted: ArrayBuffer
 }