m/ts-pykeepass-wrapper
1
0
Fork 0
Code Issues Actions Wiki Activity

feat: add secret derivation for KeePass key files

Browse Source
This commit is contained in:
MatMoul
2026-05-10 01:27:39 +02:00
parent fa7df95d32
commit 0ee5689832
3 changed files with 28 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/kdbx/crypto.ts
+17
View File
@@ -13,3 +13,20 @@ export function deriveKey(password: string, salt: Uint8Array, rounds: number, le
return new Uint8Array(pbkdf2Sync(password, Buffer.from(salt), rounds, length, "sha256"));
}
export function normalizeKeyFileBytes(bytes: Uint8Array): Uint8Array {
return sha256(bytes);
}
export function combineSecrets(password: string, keyFileBytes?: Uint8Array): Uint8Array {
const passwordHash = sha256(password);
if (!keyFileBytes) return passwordHash;
return sha256(Buffer.concat([Buffer.from(passwordHash), Buffer.from(normalizeKeyFileBytes(keyFileBytes))]));
}
export function deriveMasterKey(secret: Uint8Array, salt: Uint8Array, rounds: number): Uint8Array {
if (secret.length === 0) {
throw new Error("Missing secret for key derivation");
}
return new Uint8Array(pbkdf2Sync(Buffer.from(secret), Buffer.from(salt), rounds, 32, "sha256"));
}