npm - passwd-sso-cli - Versions diffs - 0.4.17 → 0.4.19 - Mend

passwd-sso-cli 0.4.17 → 0.4.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/commands/agent-decrypt.js +4 -0
package/dist/lib/crypto.js +6 -0
package/package.json +1 -1

package/dist/commands/agent-decrypt.js CHANGED Viewed

@@ -206,6 +206,8 @@ async function forkDaemon(socketPath) {
     }
     // Send secret key bytes (not derived CryptoKey) — child will derive encryption key
     const secretHex = hexEncode(secretBytes);
+    // Zero source bytes immediately — hex string is immutable in V8 but source array can be wiped
+    secretBytes.fill(0);
     const userId = getUserId();
     // Reconstruct args for child: remove --eval, add internal daemon flag.
     // Preserve tsx loader flags (--require, --import) so .ts files work in child.
@@ -253,6 +255,8 @@ function runDaemonChild() {
                 const { hexDecode, deriveEncryptionKey } = await import("../lib/crypto.js");
                 const secretBytes = hexDecode(msg.secretHex);
                 const key = await deriveEncryptionKey(secretBytes);
+                // Zero secret bytes after key derivation — key material no longer needed in raw form
+                secretBytes.fill(0);
                 setEncryptionKey(key, msg.userId ?? undefined);
                 // Acknowledge to parent
                 process.send("ready");

package/dist/lib/crypto.js CHANGED Viewed

@@ -55,6 +55,11 @@ export async function deriveEncryptionKey(secretKey) {
     return crypto.subtle.deriveKey({
         name: "HKDF",
         hash: "SHA-256",
+        // Risk-accepted: zero salt. The IKM (secretKey) is a 256-bit random value
+        // wrapped by PBKDF2(600k iterations), providing full entropy. RFC 5869 §3.1
+        // notes that a zero salt defaults to HashLen zeros and is acceptable when
+        // the IKM is already uniformly random. Domain separation relies on the
+        // distinct `info` parameter (HKDF_ENC_INFO vs HKDF_AUTH_INFO).
         salt: new ArrayBuffer(32),
         info: textEncode(HKDF_ENC_INFO),
     }, hkdfKey, { name: "AES-GCM", length: AES_KEY_LENGTH }, false, ["encrypt", "decrypt"]);
@@ -64,6 +69,7 @@ export async function deriveAuthKey(secretKey) {
     return crypto.subtle.deriveKey({
         name: "HKDF",
         hash: "SHA-256",
+        // See deriveEncryptionKey for zero-salt risk acceptance rationale
         salt: new ArrayBuffer(32),
         info: textEncode(HKDF_AUTH_INFO),
     }, hkdfKey, { name: "HMAC", hash: "SHA-256", length: AES_KEY_LENGTH }, true, ["sign"]);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "passwd-sso-cli",
-  "version": "0.4.17",
+  "version": "0.4.19",
   "description": "CLI for passwd-sso password manager",
   "type": "module",
   "license": "MIT",