verifyPasswordCheck decrypts the password-check marker from metaData to confirm the database is valid and accessible.
()
| 104 | // verifyPasswordCheck decrypts the password-check marker from metaData |
| 105 | // to confirm the database is valid and accessible. |
| 106 | func (k *key4DB) verifyPasswordCheck() error { |
| 107 | pbe, err := crypto.NewASN1PBE(k.passwordCheck) |
| 108 | if err != nil { |
| 109 | return fmt.Errorf("parse password check: %w", err) |
| 110 | } |
| 111 | plain, err := pbe.Decrypt(k.globalSalt) |
| 112 | if err != nil { |
| 113 | return fmt.Errorf("decrypt password check: %w", err) |
| 114 | } |
| 115 | if !bytes.Contains(plain, []byte("password-check")) { |
| 116 | return errors.New("password check verification failed") |
| 117 | } |
| 118 | return nil |
| 119 | } |
| 120 | |
| 121 | // decryptPrivateKey decrypts a single master key candidate using the global salt. |
| 122 | func (k *key4DB) decryptPrivateKey(pk privateKey) ([]byte, error) { |
no test coverage detected