
feat(encryption): skip mnemonic generation and save keys directly to metadata.edn

Kan-Ru Chen 4 years ago
parent
commit
b9c716dff7

+ 2 - 3
package.json

@@ -56,9 +56,8 @@
         "cljs:build-electron": "clojure -A:cljs compile app electron"
     },
     "dependencies": {
-        "chokidar": "^3.5.1",
         "@kanru/rage-wasm": "^0.1.4",
-        "bip39": "^3.0.3",
+        "chokidar": "^3.5.1",
         "codemirror": "^5.58.1",
         "diff": "5.0.0",
         "diff-match-patch": "^1.0.5",
@@ -79,4 +78,4 @@
         "url": "^0.11.0",
         "yargs-parser": "^20.2.4"
     }
-}
+}

+ 9 - 15
src/main/frontend/components/encryption.cljs

@@ -12,7 +12,7 @@
   (rum/local false ::reveal-secret-phrase?)
   [state repo-url close-fn]
   (let [reveal-secret-phrase? (get state ::reveal-secret-phrase?)
-        secret-phrase (e/get-mnemonic repo-url)
+        secret-phrase (e/get-key-pair repo-url)
         public-key (e/get-public-key repo-url)
         private-key (e/get-secret-key repo-url)]
     (rum/with-context [[t] i18n/*tongue-context*]
@@ -28,15 +28,13 @@
           {:on-click (fn []
                        (when (not @reveal-secret-phrase?)
                          (reset! reveal-secret-phrase? true)))}
+          [:div.font-medium.text-gray-900 "Public Key:"]
+          [:div public-key]
           (if @reveal-secret-phrase?
             [:div
-             [:div.font-medium.text-gray-900 "Secret Phrase:"]
-             [:div secret-phrase]
-             [:div.font-medium.text-gray-900 "Public Key:"]
-             [:div public-key]
-             [:div.font-medium.text-gray-900 "Private Key:"]
+             [:div.mt-1.font-medium.text-gray-900 "Private Key:"]
              [:div private-key]]
-            "click to view the secret phrase")]]]
+            [:div.text-gray-500 "click to view the private key"])]]]
 
        [:div.mt-5.sm:mt-4.sm:flex.sm:flex-row-reverse
         [:span.mt-3.flex.w-full.rounded-md.shadow-sm.sm:mt-0.sm:w-auto
@@ -74,8 +72,8 @@
            :on-click (fn []
                        (let [value @password]
                          (when-not (string/blank? value)
-                           (when-let [mnemonic (e/generate-mnemonic-and-save! repo-url)]
-                             (let [db-encrypted-secret (e/encrypt-with-passphrase value mnemonic)]
+                           (when-let [keys (e/generate-key-pair-and-save! repo-url)]
+                             (let [db-encrypted-secret (e/encrypt-with-passphrase value keys)]
                                (metadata-handler/set-db-encrypted-secret! db-encrypted-secret)))
                            (close-fn true))))}
           "Submit"]]]])))
@@ -124,9 +122,7 @@
        [:div.sm:flex.sm:items-start
         [:div.mt-3.text-center.sm:mt-0.sm:text-left
          [:h3#modal-headline.text-lg.leading-6.font-medium.text-gray-900
-          (if db-encrypted-secret
-            "Enter your password"
-            "Enter your secret phrase")]]]
+          "Enter your password"]]]
 
        [:input.form-input.block.w-full.sm:text-sm.sm:leading-5.my-2
         {:auto-focus true
@@ -142,9 +138,7 @@
                        (let [value @secret]
                          (when-not (string/blank? value) ; TODO: length or other checks
                            (let [repo (state/get-current-repo)]
-                             (if db-encrypted-secret
-                               (e/save-mnemonic! repo (e/decrypt-with-passphrase value db-encrypted-secret))
-                               (e/save-mnemonic! repo value))
+                             (e/save-key-pair! repo (e/decrypt-with-passphrase value db-encrypted-secret))
                              (close-fn true)))))}
           "Submit"]]]])))
 
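Review bot: In the last hunk the result of `e/decrypt-with-passphrase` is passed straight to `e/save-key-pair!` and the dialog is closed, with no check that decryption produced anything; with the old `if db-encrypted-secret` branch gone, a nil secret or a wrong password (unless `decrypt-with-passphrase` throws, which is not visible here) would store whatever comes back as the repo's key pair and still call `close-fn`. Guard the save on the decrypted value, e.g. `(when-let [key-pair (e/decrypt-with-passphrase value db-encrypted-secret)]` / `(e/save-key-pair! repo key-pair)` / `(close-fn true))`, so a failed unlock leaves the dialog open instead of flagging the repo as encrypted with unusable keys. In the first hunk the `secret-phrase` binding is now the whole key pair from `e/get-key-pair` but is no longer rendered anywhere in this hunk, so it can be dropped (and the `::reveal-secret-phrase?` naming could follow the new "private key" wording). Both enclosing component definitions start outside these hunks.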

+ 1 - 2
src/main/frontend/db_schema.cljs

@@ -16,8 +16,7 @@
    :db/type         {}
    :db/ident        {:db/unique :db.unique/identity}
    :db/encrypted?    {}
-   :db/secret-phrase {}
-
+   :db/encryption-keys {}
    ;; user
    :me/name  {}
    :me/email {}

+ 17 - 24
src/main/frontend/encrypt.cljs

@@ -4,8 +4,7 @@
             [frontend.db :as db]
             [frontend.state :as state]
             [clojure.string :as str]
-            ["bip39" :as bip39]
-            ["buffer" :as buffer]
+            [cljs.reader :as reader]
             ["@kanru/rage-wasm" :as rage]
             [lambdaisland.glogi :as log]))
 
@@ -21,40 +20,34 @@
   [repo-url]
   (db-utils/get-key-value repo-url :db/encrypted?))
 
-(defn get-mnemonic
+(defn get-key-pair
   [repo-url]
-  (db-utils/get-key-value repo-url :db/secret-phrase))
+  (db-utils/get-key-value repo-url :db/encryption-keys))
 
-(defn save-mnemonic!
-  [repo-url mnemonic]
-  (db/set-key-value repo-url :db/secret-phrase (str/trim mnemonic))
-  (db/set-key-value repo-url :db/encrypted? true))
+(defn save-key-pair!
+  [repo-url keys]
+  (let [keys (if (string? keys) (reader/read-string keys) keys)]
+    (db/set-key-value repo-url :db/encryption-keys keys)
+    (db/set-key-value repo-url :db/encrypted? true)))
 
-(defn- generate-mnemonic
+(defn- generate-key-pair
   []
-  (bip39/generateMnemonic 256))
+  (rage/keygen))
 
-(defn generate-mnemonic-and-save!
+(defn generate-key-pair-and-save!
   [repo-url]
-  (when-not (get-mnemonic repo-url)
-    (let [mnemonic (generate-mnemonic)]
-      (save-mnemonic! repo-url mnemonic)
-      mnemonic)))
-
-(defn- derive-key-from-mnemonic
-  [mnemonic]
-  (let [entropy (-> (bip39/mnemonicToEntropy mnemonic)
-                    (buffer/Buffer.from "hex"))
-        keys (rage/keygen_from_random_bytes entropy)]
-    keys))
+  (when-not (get-key-pair repo-url)
+    (let [keys (generate-key-pair)]
+      (save-key-pair! repo-url keys)
+      (pr-str keys))))
 
 (defn get-public-key
   [repo-url]
-  (second (derive-key-from-mnemonic (get-mnemonic repo-url))))
+  (second (get-key-pair repo-url)))
 
 (defn get-secret-key
   [repo-url]
-  (first (derive-key-from-mnemonic (get-mnemonic repo-url))))
+  (first (get-key-pair repo-url)))
 
 (defn encrypt
   ([content]
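Review bot: `save-key-pair!` in the second hunk writes whatever it is handed and then sets `:db/encrypted?` to true, so a nil argument, or a string that `reader/read-string` parses into something other than a two-element pair, leaves the repo marked encrypted while `get-public-key` and `get-secret-key` silently return nil from `second`/`first`; validating the decoded value before either write, as sketched below, keeps the two keys consistent (the caller in the unlock dialog would then need to handle the failure rather than closing). The parameter and the `let` binding named `keys` shadow `clojure.core/keys`, which is worth renaming. Note also that `generate-key-pair-and-save!` stores the raw `rage/keygen` result but returns `(pr-str keys)` for encryption, so the unlock path depends on `cljs.reader/read-string` (the EDN reader, which does not evaluate code but only accepts the tags it registers) round-tripping that printed form, presumably a `#js` literal if keygen yields a JS array — worth a round-trip test. `encrypt` at the end of the hunk continues outside it.

```clojure
(defn save-key-pair!
  [repo-url key-pair]
  (let [pair (if (string? key-pair) (reader/read-string key-pair) key-pair)]
    ;; never flag the repo as encrypted unless a usable pair was supplied
    (when-not (and (some? pair) (= 2 (count pair)))
      (throw (ex-info "invalid encryption key pair" {:repo-url repo-url})))
    (db/set-key-value repo-url :db/encryption-keys pair)
    (db/set-key-value repo-url :db/encrypted? true)))
```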

+ 1 - 16
yarn.lock

@@ -335,11 +335,6 @@
   resolved "https://registry.yarnpkg.com/@types/node/-/node-14.14.25.tgz#15967a7b577ff81383f9b888aa6705d43fbbae93"
   integrity sha512-EPpXLOVqDvisVxtlbvzfyqSsFeQxltFbluZNRndIb8tr9KiBnYNLzrc1N3pyKUCww2RNrfHDViqDWWE1LCJQtQ==
 
-"@types/[email protected]":
-  version "11.11.6"
-  resolved "https://registry.yarnpkg.com/@types/node/-/node-11.11.6.tgz#df929d1bb2eee5afdda598a41930fe50b43eaa6a"
-  integrity sha512-Exw4yUWMBXM3X+8oqzJNRqZSwUAaS4+7NdvHqQuFi/d+synz++xmX3QIf+BFqneW8N31R8Ky+sikfZUXq07ggQ==
-
 "@types/node@^12.0.12":
   version "12.19.16"
   resolved "https://registry.yarnpkg.com/@types/node/-/node-12.19.16.tgz#15753af35cbef636182d8d8ca55b37c8583cecb3"
@@ -774,16 +769,6 @@ bindings@^1.5.0:
   dependencies:
     file-uri-to-path "1.0.0"
 
-bip39@^3.0.3:
-  version "3.0.3"
-  resolved "https://registry.yarnpkg.com/bip39/-/bip39-3.0.3.tgz#4a8b79067d6ed2e74f9199ac994a2ab61b176760"
-  integrity sha512-P0dKrz4g0V0BjXfx7d9QNkJ/Txcz/k+hM9TnjqjUaXtuOfAvxXSw2rJw8DX0e3ZPwnK/IgDxoRqf0bvoVCqbMg==
-  dependencies:
-    "@types/node" "11.11.6"
-    create-hash "^1.1.0"
-    pbkdf2 "^3.0.9"
-    randombytes "^2.0.1"
-
 bn.js@^4.0.0, bn.js@^4.1.0, bn.js@^4.11.9:
   version "4.11.9"
   resolved "https://registry.yarnpkg.com/bn.js/-/bn.js-4.11.9.tgz#26d556829458f9d1e81fc48952493d0ba3507828"
@@ -4483,7 +4468,7 @@ path@^0.12.7:
     process "^0.11.1"
     util "^0.10.3"
 
-pbkdf2@^3.0.3, pbkdf2@^3.0.9:
+pbkdf2@^3.0.3:
   version "3.1.1"
   resolved "https://registry.yarnpkg.com/pbkdf2/-/pbkdf2-3.1.1.tgz#cb8724b0fada984596856d1a6ebafd3584654b94"
   integrity sha512-4Ejy1OPxi9f2tt1rRV7Go7zmfDQ+ZectEQz3VGUQhgq62HtIRPDyG/JtnwIxs6x3uNMwo2V7q1fMvKjb+Tnpqg==