internal static KeyMac DecryptMasterKey(M.Profile profile, KeyMac kek) { try { return(DecryptBase64Key(profile.MasterKey, kek)); } catch (InternalErrorException e) when(e.Message.Contains("tag doesn't match")) { // This is a bit hacky. There's no sure way to verify if the password is correct. The things // will start failing to decrypt on HMAC/tag verification. So only for the master key we assume // that the structure of the vault is not corrupted (which is unlikely) but rather the master // password wasn't given correctly. So we rethrow the "corrupted" exception as the "incorrect // password". Unfortunately we have to rely on the contents of the error message as well. throw new BadCredentialsException("Most likely the master password is incorrect", e); } }
internal static KeyMac DecryptOverviewKey(M.Profile profile, KeyMac kek) { return(DecryptBase64Key(profile.OverviewKey, kek)); }
internal static KeyMac DeriveKek(M.Profile profile, string password) { return(Util.DeriveKek(password.ToBytes(), profile.Salt.Decode64(), profile.Iterations)); }