proton-bridge icon indicating copy to clipboard operation
proton-bridge copied to clipboard

Published 20 hours ago verified publisher icon ProtonMail

Dont wipe vault on decryption errors

Open kira-bruneau opened this issue 7 months ago • 0 comments

Fixes #470.

Previously, encryption errors from unmarshalFile were grouped together with vault load errors as "corrupt vault" errors, and https://github.com/kira-bruneau/proton-bridge/blob/2fd0985a523784ec412de68ec5bec5bf4309e485/internal/vault/vault.go#L370-L377 would reset the vault any time it was found to be "corrupt".

This change just checks if the resulting error is an encryption error first, and if it is, wires it up like any other I/O error.

Before:

WARN[Jul 23 21:13:10.396] Failed to load existing vault, vault has been reset  error="failed to decrypt vault: cipher: message authentication failed"
WARN[Jul 23 21:13:10.414] The vault is corrupt and has been wiped

After:

FATA[Jul 24 10:18:22.188] could not load/create vault: failed to decrypt vault: cipher: message authentication failed

kira-bruneau avatar Jul 23 '24 22:07 kira-bruneau