From 616a992c2cdc59f169ab63bf22e306c1f31e9aec Mon Sep 17 00:00:00 2001 From: moonD4rk Date: Mon, 1 Jun 2026 15:55:08 +0800 Subject: [PATCH] fix(masterkey): address review comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Package doc keys→masterkey; drop the inaccurate Linux example from the ChainRetriever doc (Linux wires tiers independently); SecretPortal naming → Provider. --- browser/chromium/decrypt.go | 2 +- masterkey/retriever.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/browser/chromium/decrypt.go b/browser/chromium/decrypt.go index b03bfc8..1d77905 100644 --- a/browser/chromium/decrypt.go +++ b/browser/chromium/decrypt.go @@ -37,7 +37,7 @@ func decryptValue(masterKeys masterkey.MasterKeys, ciphertext []byte) ([]byte, e // exercise the same decryption path as Windows. return crypto.DecryptChromiumV20(masterKeys.V20, ciphertext) case crypto.CipherV12: - // Chromium's SecretPortalKeyRetriever (Flatpak / xdg-desktop-portal) — HKDF-SHA256 + + // Chromium's SecretPortalKeyProvider (Flatpak / xdg-desktop-portal) — HKDF-SHA256 + // AES-256-GCM with a secret retrieved via org.freedesktop.portal.Desktop. Recognized here // to surface an actionable "known gap" error rather than the generic "unsupported" one. return nil, fmt.Errorf("unsupported cipher version v12 (Chromium SecretPortal / Flatpak; not yet implemented)") diff --git a/masterkey/retriever.go b/masterkey/retriever.go index 910435b..6ed14da 100644 --- a/masterkey/retriever.go +++ b/masterkey/retriever.go @@ -1,4 +1,4 @@ -// Package keys retrieves Chromium master keys (per-platform retrievers + a cross-host Dump format). +// Package masterkey retrieves Chromium master keys (per-platform retrievers + a cross-host Dump format). // Firefox and Safari own their own key paths and don't route through here. package masterkey @@ -24,7 +24,7 @@ type Retriever interface { RetrieveKey(hints Hints) ([]byte, error) } -// ChainRetriever tries retrievers in order, first success wins (macOS: gcoredump→password→security; Linux: D-Bus→peanuts). +// ChainRetriever tries retrievers in order, first success wins (macOS V10: gcoredump→password→security). type ChainRetriever struct { retrievers []Retriever }