trilium/services/password_encryption.js

const options = require('./options');
const my_scrypt = require('./my_scrypt');
const utils = require('./utils');
const data_encryption = require('./data_encryption');

async function verifyPassword(password) {
    const givenPasswordHash = utils.toBase64(await my_scrypt.getVerificationHash(password));

    const dbPasswordHash = await options.getOption('password_verification_hash');

    return givenPasswordHash === dbPasswordHash;
}

async function setDataKey(password, plainTextDataKey) {
    const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);

    const encryptedDataKeyIv = utils.randomSecureToken(16).slice(0, 16);

    await options.setOption('encrypted_data_key_iv', encryptedDataKeyIv);

    const buffer = Buffer.from(plainTextDataKey);

    const newEncryptedDataKey = data_encryption.encrypt(passwordDerivedKey, encryptedDataKeyIv, buffer);

    await options.setOption('encrypted_data_key', newEncryptedDataKey);
}

async function getDataKey(password) {
    const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);

    const encryptedDataKeyIv = await options.getOption('encrypted_data_key_iv');
    const encryptedDataKey = await options.getOption('encrypted_data_key');

    const decryptedDataKey = data_encryption.decrypt(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey);

    return decryptedDataKey;
}

module.exports = {
    verifyPassword,
    getDataKey,
    setDataKey
};
refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00			`const options = require('./options');`
			`const my_scrypt = require('./my_scrypt');`
			`const utils = require('./utils');`
data key is not encrypted with aes-cbc as well 2017-11-16 12:39:50 +08:00			`const data_encryption = require('./data_encryption');`
refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00
			`async function verifyPassword(password) {`
			`const givenPasswordHash = utils.toBase64(await my_scrypt.getVerificationHash(password));`

			`const dbPasswordHash = await options.getOption('password_verification_hash');`

			`return givenPasswordHash === dbPasswordHash;`
			`}`

fixed password change (broken since migration to CBC encryption) 2017-11-23 09:57:06 +08:00			`async function setDataKey(password, plainTextDataKey) {`
data key is not encrypted with aes-cbc as well 2017-11-16 12:39:50 +08:00			`const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);`

			`const encryptedDataKeyIv = utils.randomSecureToken(16).slice(0, 16);`

			`await options.setOption('encrypted_data_key_iv', encryptedDataKeyIv);`

fixed password change (broken since migration to CBC encryption) 2017-11-23 09:57:06 +08:00			`const buffer = Buffer.from(plainTextDataKey);`
data key is not encrypted with aes-cbc as well 2017-11-16 12:39:50 +08:00
cleaned up "CBC" from methods since we don't have CTR 2017-11-19 01:53:17 +08:00			`const newEncryptedDataKey = data_encryption.encrypt(passwordDerivedKey, encryptedDataKeyIv, buffer);`
data key is not encrypted with aes-cbc as well 2017-11-16 12:39:50 +08:00
			`await options.setOption('encrypted_data_key', newEncryptedDataKey);`
			`}`

cleaned up "CBC" from methods since we don't have CTR 2017-11-19 01:53:17 +08:00			`async function getDataKey(password) {`
data key is not encrypted with aes-cbc as well 2017-11-16 12:39:50 +08:00			`const passwordDerivedKey = await my_scrypt.getPasswordDerivedKey(password);`

			`const encryptedDataKeyIv = await options.getOption('encrypted_data_key_iv');`
			`const encryptedDataKey = await options.getOption('encrypted_data_key');`

cleaned up "CBC" from methods since we don't have CTR 2017-11-19 01:53:17 +08:00			`const decryptedDataKey = data_encryption.decrypt(passwordDerivedKey, encryptedDataKeyIv, encryptedDataKey);`
data key is not encrypted with aes-cbc as well 2017-11-16 12:39:50 +08:00
			`return decryptedDataKey;`
			`}`

refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00			`module.exports = {`
			`verifyPassword,`
cleaned up "CBC" from methods since we don't have CTR 2017-11-19 01:53:17 +08:00			`getDataKey,`
			`setDataKey`
refactoring of password change and preparations for server side encryption 2017-11-10 12:25:23 +08:00			`};`