From 5a37547b37177d81e12532ba02c40e53562c614e Mon Sep 17 00:00:00 2001
From: zadam
Date: Thu, 28 Jul 2022 22:42:02 +0200
Subject: [PATCH] use 16 bytes IV for newly encrypted data, closes #3017
---
 src/services/data_encryption.js | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/services/data_encryption.js b/src/services/data_encryption.js
index dd369321e..c372036de 100644
--- a/src/services/data_encryption.js
+++ b/src/services/data_encryption.js
@@ -30,14 +30,14 @@ function pad(data) {
 return Buffer.from(data);
 }
-function encrypt(key, plainText, ivLength = 13) {
+function encrypt(key, plainText) {
 if (!key) {
 throw new Error("No data key!");
 }
 const plainTextBuffer = Buffer.from(plainText);
- const iv = crypto.randomBytes(ivLength);
+ const iv = crypto.randomBytes(16);
 const cipher = crypto.createCipheriv('aes-128-cbc', pad(key), pad(iv));
 const digest = shaArray(plainTextBuffer).slice(0, 4);
@@ -51,7 +51,7 @@ function encrypt(key, plainText, ivLength = 13) {
 return encryptedDataWithIv.toString('base64');
 }
-function decrypt(key, cipherText, ivLength = 13) {
+function decrypt(key, cipherText) {
 if (cipherText === null) {
 return null;
 }
@@ -62,6 +62,10 @@ function decrypt(key, cipherText, ivLength = 13) {
 try {
 const cipherTextBufferWithIv = Buffer.from(cipherText.toString(), 'base64');
+
+ // old encrypted data can have IV of length 13, see some details here: https://github.com/zadam/trilium/issues/3017
+ const ivLength = cipherTextBufferWithIv.length % 16 === 0 ? 16 : 13;
+
+ const iv = cipherTextBufferWithIv.slice(0, ivLength);
 const cipherTextBuffer = cipherTextBufferWithIv.slice(ivLength);
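Review bot: The literal `16` in `crypto.randomBytes(16)` is the AES block size, and the same number is repeated in decrypt's length test in the third hunk; a shared module-level constant such as `const IV_LENGTH = 16; // AES block size, the IV length aes-128-cbc expects` would keep the two from drifting apart. Assuming `pad()` only extends short input to the block size, the `pad(iv)` on the `createCipheriv` line no longer alters the IV for new data and could be plain `iv` in encrypt. Values written before this change keep their 13-byte IV until they are re-encrypted, which is worth stating in a comment above `encrypt` so that nobody assumes all stored data carries a full-length IV. The body of encrypt continues past the end of this hunk.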
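Review bot: The fallback branch of `cipherTextBufferWithIv.length % 16 === 0 ? 16 : 13` treats every length that is not a multiple of 16 as legacy data, so a truncated or corrupted value is sliced with a 13-byte IV rather than rejected up front. CBC output is always a whole number of 16-byte blocks, so only remainders 0 (16-byte IV) and 13 (legacy IV) can come from encrypt; the check could be made explicit with `const rem = cipherTextBufferWithIv.length % 16;` followed by `if (rem !== 0 && rem !== 13) { throw new Error("Malformed encrypted data"); }`. The comment would also be clearer if it stated that reasoning, since the issue link alone does not say why the modulo test is unambiguous. The catch for this try block lies outside the hunk, so confirm that it does not depend on the decipher's own error for malformed input before adding an earlier throw.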