Include KDF params in recovery key info

This adjusts the metadata from `createRecoveryKeyFromPassphrase` to include KDF info formatted in the way secret storage expects. Since `prepareKeyBackupVersion` did something similar, we adjust it to use the new function and reshape the objects.
2025-11-25 05:23:13 +03:00 · 2019-12-05 10:20:20 +00:00
parent 5fced642fa
commit 65f8556ee9
2 changed files with 27 additions and 29 deletions
--- a/src/crypto/index.js
+++ b/src/crypto/index.js
@@ -325,18 +325,26 @@ Crypto.prototype.init = async function() {
 * @param {string} password Passphrase string that can be entered by the user
 *     when restoring the backup as an alternative to entering the recovery key.
 *     Optional.
- * @returns {Promise<String>} The user-facing recovery key string.
+ * @returns {Promise<Array>} Array with public key metadata and encoded private
+ *     recovery key which should be disposed of after displaying to the user.
 */
 Crypto.prototype.createRecoveryKeyFromPassphrase = async function(password) {
    const decryption = new global.Olm.PkDecryption();
    try {
+        const keyInfo = {};
        if (password) {
-            const keyInfo = await keyFromPassphrase(password);
-            decryption.init_with_private_key(keyInfo.key);
+            const derivation = await keyFromPassphrase(password);
+            keyInfo.passphrase = {
+                algorithm: "m.pbkdf2",
+                iterations: derivation.iterations,
+                salt: derivation.salt,
+            };
+            keyInfo.pubkey = decryption.init_with_private_key(derivation.key);
        } else {
-            decryption.generate_key();
+            keyInfo.pubkey = decryption.generate_key();
        }
-        return encodeRecoveryKey(decryption.get_private_key());
+        const encodedPrivateKey = encodeRecoveryKey(decryption.get_private_key());
+        return [keyInfo, encodedPrivateKey];
    } finally {
        decryption.free();
    }