internal static KeyMac DecryptMasterKey(M.Profile profile, KeyMac kek)
{
try
{
return(DecryptBase64Key(profile.MasterKey, kek));
}
catch (InternalErrorException e) when(e.Message.Contains("tag doesn't match"))
{
// This is a bit hacky. There's no sure way to verify if the password is correct. The things
// will start failing to decrypt on HMAC/tag verification. So only for the master key we assume
// that the structure of the vault is not corrupted (which is unlikely) but rather the master
// password wasn't given correctly. So we rethrow the "corrupted" exception as the "incorrect
// password". Unfortunately we have to rely on the contents of the error message as well.
throw new BadCredentialsException("Most likely the master password is incorrect", e);
}
}
internal static KeyMac DecryptOverviewKey(M.Profile profile, KeyMac kek)
{
return(DecryptBase64Key(profile.OverviewKey, kek));
}
internal static KeyMac DeriveKek(M.Profile profile, string password)
{
return(Util.DeriveKek(password.ToBytes(), profile.Salt.Decode64(), profile.Iterations));
}
