fix(masterkey): address review comments

Package doc keys→masterkey; drop the inaccurate Linux example from the ChainRetriever doc (Linux wires tiers independently); SecretPortal naming → Provider.
This commit is contained in:
moonD4rk
2026-06-01 15:55:08 +08:00
parent a2bd523718
commit 616a992c2c
2 changed files with 3 additions and 3 deletions
+1 -1
View File
@@ -37,7 +37,7 @@ func decryptValue(masterKeys masterkey.MasterKeys, ciphertext []byte) ([]byte, e
// exercise the same decryption path as Windows. // exercise the same decryption path as Windows.
return crypto.DecryptChromiumV20(masterKeys.V20, ciphertext) return crypto.DecryptChromiumV20(masterKeys.V20, ciphertext)
case crypto.CipherV12: case crypto.CipherV12:
// Chromium's SecretPortalKeyRetriever (Flatpak / xdg-desktop-portal) — HKDF-SHA256 + // Chromium's SecretPortalKeyProvider (Flatpak / xdg-desktop-portal) — HKDF-SHA256 +
// AES-256-GCM with a secret retrieved via org.freedesktop.portal.Desktop. Recognized here // AES-256-GCM with a secret retrieved via org.freedesktop.portal.Desktop. Recognized here
// to surface an actionable "known gap" error rather than the generic "unsupported" one. // to surface an actionable "known gap" error rather than the generic "unsupported" one.
return nil, fmt.Errorf("unsupported cipher version v12 (Chromium SecretPortal / Flatpak; not yet implemented)") return nil, fmt.Errorf("unsupported cipher version v12 (Chromium SecretPortal / Flatpak; not yet implemented)")
+2 -2
View File
@@ -1,4 +1,4 @@
// Package keys retrieves Chromium master keys (per-platform retrievers + a cross-host Dump format). // Package masterkey retrieves Chromium master keys (per-platform retrievers + a cross-host Dump format).
// Firefox and Safari own their own key paths and don't route through here. // Firefox and Safari own their own key paths and don't route through here.
package masterkey package masterkey
@@ -24,7 +24,7 @@ type Retriever interface {
RetrieveKey(hints Hints) ([]byte, error) RetrieveKey(hints Hints) ([]byte, error)
} }
// ChainRetriever tries retrievers in order, first success wins (macOS: gcoredump→password→security; Linux: D-Bus→peanuts). // ChainRetriever tries retrievers in order, first success wins (macOS V10: gcoredump→password→security).
type ChainRetriever struct { type ChainRetriever struct {
retrievers []Retriever retrievers []Retriever
} }