Notes/src/services/password_encryption.js

const optionService = require('./options');
const myScryptService = require('./my_scrypt');
const utils = require('./utils');
const dataEncryptionService = require('./data_encryption');

function verifyPassword(password) {
    const givenPasswordHash = utils.toBase64(myScryptService.getVerificationHash(password));

    const dbPasswordHash = optionService.getOptionOrNull('passwordVerificationHash');

    if (!dbPasswordHash) {
        return false;
    }
    
    return givenPasswordHash === dbPasswordHash;
}

function setDataKey(password, plainTextDataKey) {
    const passwordDerivedKey = myScryptService.getPasswordDerivedKey(password);

    const newEncryptedDataKey = dataEncryptionService.encrypt(passwordDerivedKey, plainTextDataKey, 16);

    optionService.setOption('encryptedDataKey', newEncryptedDataKey);
}

function getDataKey(password) {
    const passwordDerivedKey = myScryptService.getPasswordDerivedKey(password);

    const encryptedDataKey = optionService.getOption('encryptedDataKey');

    const decryptedDataKey = dataEncryptionService.decrypt(passwordDerivedKey, encryptedDataKey, 16);

    return decryptedDataKey;
}

module.exports = {
    verifyPassword,
    getDataKey,
    setDataKey
};
refactored backend to use new naming convention for modules 2018-04-01 21:27:46 -04:00			`const optionService = require('./options');`
			`const myScryptService = require('./my_scrypt');`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00			`const utils = require('./utils');`
refactored backend to use new naming convention for modules 2018-04-01 21:27:46 -04:00			`const dataEncryptionService = require('./data_encryption');`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00
syncification 2020-06-20 12:31:38 +02:00			`function verifyPassword(password) {`
			`const givenPasswordHash = utils.toBase64(myScryptService.getVerificationHash(password));`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00
etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`const dbPasswordHash = optionService.getOptionOrNull('passwordVerificationHash');`
refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00
etapi improvements and more tests 2022-01-12 19:32:23 +01:00			`if (!dbPasswordHash) {`
			`return false;`
			`}`

refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00			`return givenPasswordHash === dbPasswordHash;`
			`}`

syncification 2020-06-20 12:31:38 +02:00			`function setDataKey(password, plainTextDataKey) {`
			`const passwordDerivedKey = myScryptService.getPasswordDerivedKey(password);`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00
delete note through its entity instead of manually with SQL, closes #303 2019-01-13 00:24:51 +01:00			`const newEncryptedDataKey = dataEncryptionService.encrypt(passwordDerivedKey, plainTextDataKey, 16);`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00
syncification 2020-06-20 12:31:38 +02:00			`optionService.setOption('encryptedDataKey', newEncryptedDataKey);`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00			`}`

syncification 2020-06-20 12:31:38 +02:00			`function getDataKey(password) {`
			`const passwordDerivedKey = myScryptService.getPasswordDerivedKey(password);`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00
syncification 2020-06-20 12:31:38 +02:00			`const encryptedDataKey = optionService.getOption('encryptedDataKey');`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00
store iv directly in the respective columns 2019-01-11 23:04:51 +01:00			`const decryptedDataKey = dataEncryptionService.decrypt(passwordDerivedKey, encryptedDataKey, 16);`
data key is not encrypted with aes-cbc as well 2017-11-15 23:39:50 -05:00
			`return decryptedDataKey;`
			`}`

refactoring of password change and preparations for server side encryption 2017-11-09 23:25:23 -05:00			`module.exports = {`
			`verifyPassword,`
cleaned up "CBC" from methods since we don't have CTR 2017-11-18 12:53:17 -05:00			`getDataKey,`
			`setDataKey`
syncification 2020-06-20 12:31:38 +02:00			`};`