diff options
| author | Ellie Huxtable <ellie@elliehuxtable.com> | 2024-01-22 20:07:19 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-01-22 20:07:19 +0000 |
| commit | d84f5b2d33e1e6d69877facf037bff02b231ae3c (patch) | |
| tree | b3b0ee2373e05cf14a789320547be1a292acafce /atuin-client | |
| parent | 6af6c9066b8c054ea40021a64bb6ea56d14ff22f (diff) | |
feat: don't stop with invalid key (#1612)
An issue with the old sync was that if there was _one_ record encrypted
with a different key, sync would stop. You'd need to delete your account
and start from scratch. This sucked.
This change means we will carry on, and try to encrypt and build with as
much of the history as we are able to decrypt.
This is possible because we can quite happily store data on disk that we
cannot decrypt. The old store couldn't do this.
In future, we might consider a keyring containing multiple keys.
Diffstat (limited to 'atuin-client')
| -rw-r--r-- | atuin-client/src/history/store.rs | 11 | ||||
| -rw-r--r-- | atuin-client/src/record/encryption.rs | 1 |
2 files changed, 11 insertions, 1 deletions
diff --git a/atuin-client/src/history/store.rs b/atuin-client/src/history/store.rs index 73166de14..442da45d6 100644 --- a/atuin-client/src/history/store.rs +++ b/atuin-client/src/history/store.rs @@ -164,7 +164,16 @@ impl HistoryStore { for record in records.into_iter() { let hist = match record.version.as_str() { HISTORY_VERSION => { - let decrypted = record.decrypt::<PASETO_V4>(&self.encryption_key)?; + let decrypted = record.decrypt::<PASETO_V4>(&self.encryption_key); + + let decrypted = match decrypted { + Ok(d) => d, + Err(e) => { + println!("failed to decrypt history: {e}"); + continue; + } + }; + HistoryRecord::deserialize(&decrypted.data, HISTORY_VERSION) } version => bail!("unknown history version {version:?}"), diff --git a/atuin-client/src/record/encryption.rs b/atuin-client/src/record/encryption.rs index c2cdaa6a8..ca49660c6 100644 --- a/atuin-client/src/record/encryption.rs +++ b/atuin-client/src/record/encryption.rs @@ -128,6 +128,7 @@ impl PASETO_V4 { // For now though we will only support the one key and key rotation will // have to be a hard reset let current_kid = wrapping_key.to_id(); + ensure!( current_kid == kid, "attempting to decrypt with incorrect key. currently using {current_kid}, expecting {kid}" |