From: Chris Duncan <chris@zoso.dev>
Date: Thu, 17 Jul 2025 21:43:59 +0000 (-0700)
Subject: Generate encryption key once per safe storage request.
X-Git-Tag: v0.10.5~56^2~10
X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=fb5089cb3cfc51975afcce07c0ce8b568fda16fd;p=libnemo.git

Generate encryption key once per safe storage request.
---

diff --git a/src/lib/workers/safe.ts b/src/lib/workers/safe.ts
index 6543a19..bcc8c63 100644
--- a/src/lib/workers/safe.ts
+++ b/src/lib/workers/safe.ts
@@ -76,9 +76,9 @@ export class Safe extends WorkerInterface {
 
 		try {
 			const records: SafeRecord[] = []
+			const salt = await Entropy.create()
+			const encryptionKey = await Safe.#createAesKey('encrypt', password, salt.buffer)
 			for (const label of Object.keys(data)) {
-				const salt = await Entropy.create()
-				const encryptionKey = await Safe.#createAesKey('encrypt', password, salt.buffer)
 				const iv = await Entropy.create()
 				const encrypted = await globalThis.crypto.subtle.encrypt({ name: 'AES-GCM', iv: iv.buffer }, encryptionKey, data[label])
 				const record: SafeRecord = {