safe

Password protected secret keeper
git clone git://git.z3bra.org/safe.git

commit 0fe1bf13e623f52610fe2307b26c8fada91c750d
parent c17f57fbb9d825b1137066cb3e2cbdd3fc94f589
Author: z3bra <contactatz3bradotorg>
Date:   Thu, 23 May 2019 11:50:56 +0200

Store salt in the encrypted secret file

Diffstat:
safe.c | 16++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/safe.c b/safe.c @@ -118,11 +118,8 @@ hash(uint8_t *buf, size_t size, uint8_t *md, size_t mdsize) } void -deriv(char *pw, uint8_t *key, size_t ks) +deriv(char *pw, uint8_t *salt, uint8_t *key, size_t ks) { - uint8_t salt[crypto_pwhash_SALTBYTES]; - - sodium_memzero(salt, sizeof(salt)); if (crypto_pwhash(key, ks, pw, strlen(pw), salt, crypto_pwhash_OPSLIMIT_INTERACTIVE, crypto_pwhash_MEMLIMIT_INTERACTIVE, @@ -187,13 +184,17 @@ store_secret(int fd, char *name) { int sfd; uint8_t key[crypto_secretstream_xchacha20poly1305_KEYBYTES]; + uint8_t salt[crypto_pwhash_SALTBYTES]; sfd = open(name, O_WRONLY | O_CREAT, 0600); if (sfd < 0) err(1, "open %s", name); + randombytes_buf(salt, sizeof(salt)); + xwrite(sfd, salt, sizeof(salt)); + readpass("Passphrase:", &passphrase, &pplen); - deriv((char *)passphrase, key, sizeof(key)); + deriv((char *)passphrase, salt, key, sizeof(key)); xencrypt(fd, sfd, key); close(sfd); @@ -206,13 +207,16 @@ show_secret(int fd, char *name) { int sfd; uint8_t key[crypto_secretstream_xchacha20poly1305_KEYBYTES]; + uint8_t salt[crypto_pwhash_SALTBYTES]; sfd = open(name, O_RDONLY); if (sfd < 0) err(1, "open %s", name); + xread(sfd, salt, sizeof(salt)); + readpass("Passphrase:", &passphrase, &pplen); - deriv((char *)passphrase, key, sizeof(key)); + deriv((char *)passphrase, salt, key, sizeof(key)); xdecrypt(sfd, fd, key); close(sfd);
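Review bot: The new `salt` parameter of deriv() is a bare `uint8_t *` with no length, while crypto_pwhash() always reads crypto_pwhash_SALTBYTES bytes from it, so a caller that passes a shorter buffer causes an out-of-bounds read the compiler cannot flag. Since the function only reads the salt, declare it `const uint8_t *salt` and state the contract above the definition, e.g. `/* salt: exactly crypto_pwhash_SALTBYTES bytes, stored with the ciphertext */`. The body of deriv() continues past the end of this hunk, so the crypto_pwhash() failure branch is not visible here.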
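Review bot: In store_secret() the fresh salt is written to the file before `readpass()` runs, and the file is opened with `O_WRONLY | O_CREAT` without truncation. If the name already holds a secret and the user aborts at the passphrase prompt, the old ciphertext is left behind a new salt and can no longer be decrypted. Keep `randombytes_buf(salt, sizeof(salt));` where it is, but move `xwrite(sfd, salt, sizeof(salt));` to just before `xencrypt(fd, sfd, key);`, so nothing on disk changes until the key has been derived. Separately, and depending on how xencrypt/xdecrypt (not shown) frame the stream, overwriting a longer secret with a shorter one may leave stale trailing bytes; consider writing to a temporary file and renaming it over the target.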
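Review bot: In show_secret() the result of `xread(sfd, salt, sizeof(salt));` is not checked, and `salt` is an uninitialised stack array. xread() is defined outside this hunk; if it does not abort on EOF or a short read, a file shorter than crypto_pwhash_SALTBYTES feeds indeterminate bytes into key derivation. Assuming xread() returns the byte count, fail explicitly with something like `if (xread(sfd, salt, sizeof(salt)) != sizeof(salt)) errx(1, "%s: truncated secret", name);`. Secrets written before this commit have no salt header (the key was derived from an all-zero salt), so their first bytes will now be consumed as a salt and decryption will fail; the commit should document this format change or give a migration path.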