diff --git a/browser/chromium/decrypt.go b/browser/chromium/decrypt.go index b03bfc8..1d77905 100644 --- a/browser/chromium/decrypt.go +++ b/browser/chromium/decrypt.go @@ -37,7 +37,7 @@ func decryptValue(masterKeys masterkey.MasterKeys, ciphertext []byte) ([]byte, e // exercise the same decryption path as Windows. return crypto.DecryptChromiumV20(masterKeys.V20, ciphertext) case crypto.CipherV12: - // Chromium's SecretPortalKeyRetriever (Flatpak / xdg-desktop-portal) — HKDF-SHA256 + + // Chromium's SecretPortalKeyProvider (Flatpak / xdg-desktop-portal) — HKDF-SHA256 + // AES-256-GCM with a secret retrieved via org.freedesktop.portal.Desktop. Recognized here // to surface an actionable "known gap" error rather than the generic "unsupported" one. return nil, fmt.Errorf("unsupported cipher version v12 (Chromium SecretPortal / Flatpak; not yet implemented)") diff --git a/masterkey/retriever.go b/masterkey/retriever.go index 910435b..6ed14da 100644 --- a/masterkey/retriever.go +++ b/masterkey/retriever.go @@ -1,4 +1,4 @@ -// Package keys retrieves Chromium master keys (per-platform retrievers + a cross-host Dump format). +// Package masterkey retrieves Chromium master keys (per-platform retrievers + a cross-host Dump format). // Firefox and Safari own their own key paths and don't route through here. package masterkey @@ -24,7 +24,7 @@ type Retriever interface { RetrieveKey(hints Hints) ([]byte, error) } -// ChainRetriever tries retrievers in order, first success wins (macOS: gcoredump→password→security; Linux: D-Bus→peanuts). +// ChainRetriever tries retrievers in order, first success wins (macOS V10: gcoredump→password→security). type ChainRetriever struct { retrievers []Retriever }