WIP: Allow decrypting logins/credentials via the API

wrongecho
2024-08-25 12:45:18 +01:00
parent 9ef3099495
commit 24ff6f5c84
4 changed files with 5 additions and 7 deletions


@@ -380,10 +380,8 @@ function encryptLoginEntry($login_password_cleartext)
return $iv . $ciphertext; return $iv . $ciphertext;
} }
function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, $api_key_decrypt_password) function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
{ {
// TODO: try marking $api_key_decrypt_password as sensitive - new in PHP 8.2
// Split the login entry (username/password) into IV and Ciphertext // Split the login entry (username/password) into IV and Ciphertext
$login_iv = substr($login_ciphertext, 0, 16); $login_iv = substr($login_ciphertext, 0, 16);
$login_ciphertext = $salt = substr($login_ciphertext, 16); $login_ciphertext = $salt = substr($login_ciphertext, 16);
@@ -395,7 +393,7 @@ function apiDecryptLoginEntry($login_ciphertext, $api_key_decrypt_hash, $api_key
return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv); return openssl_decrypt($login_ciphertext, 'aes-128-cbc', $site_encryption_master_key, 0, $login_iv);
} }
function apiEncryptLoginEntry($credential_cleartext, $api_key_decrypt_hash, $api_key_decrypt_password) function apiEncryptLoginEntry(#[\SensitiveParameter]$credential_cleartext, $api_key_decrypt_hash, #[\SensitiveParameter]$api_key_decrypt_password)
{ {
$iv = randomString(); $iv = randomString();
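Review bot: The `#[\SensitiveParameter]` attributes added to the signatures of `apiDecryptLoginEntry` and `apiEncryptLoginEntry` only redact those arguments in stack traces and backtraces, and only on PHP 8.2 or later. PHP 8.0 and 8.1 accept the attribute but redact nothing, and before 8.0 an inline `#` starts a comment that swallows the rest of the signature line. The removed TODO was the only place that recorded the 8.2 dependency, so I would keep a short comment above each function, for example `// #[\SensitiveParameter] redacts this argument from stack traces on PHP 8.2+ only`, and confirm the project's minimum PHP version. Separately, in unchanged context, the decrypt path returns the result of `openssl_decrypt` with `aes-128-cbc` and no visible integrity check. If this becomes reachable through the API, the caller should handle a `false` return explicitly, and the stored format would benefit from an authenticated mode or a MAC verified before decryption; both function bodies continue outside the hunks, so this may already be handled elsewhere.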