[PM-9465] Move shared ipc keys to main process (#9944)

* Remove old biometrics masterkey logic * Move shared ipc keys to main process * Update apps/desktop/src/platform/services/ephemeral-value-storage.main.service.ts Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com> * Extract ephemeral store functions to it's own object --------- Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2025-12-16 08:13:42 +00:00 · 2024-07-31 16:03:13 +02:00
parent 4a0b6fc191
commit 537fa67b09
4 changed files with 40 additions and 6 deletions
--- a/apps/desktop/src/services/native-messaging.service.ts
+++ b/apps/desktop/src/services/native-messaging.service.ts
@@ -30,8 +30,6 @@ const HashAlgorithmForAsymmetricEncryption = "sha1";

@Injectable()
 export class NativeMessagingService {
-  private sharedSecrets = new Map<string, SymmetricCryptoKey>();
-
  constructor(
    private cryptoFunctionService: CryptoFunctionService,
    private cryptoService: CryptoService,
@@ -104,7 +102,7 @@ export class NativeMessagingService {
      return;
    }

-    if (this.sharedSecrets.get(appId) == null) {
+    if ((await ipc.platform.ephemeralStore.getEphemeralValue(appId)) == null) {
      ipc.platform.nativeMessaging.sendMessage({
        command: "invalidateEncryption",
        appId: appId,
@@ -115,7 +113,7 @@ export class NativeMessagingService {
    const message: LegacyMessage = JSON.parse(
      await this.cryptoService.decryptToUtf8(
        rawMessage as EncString,
-        this.sharedSecrets.get(appId),
+        SymmetricCryptoKey.fromString(await ipc.platform.ephemeralStore.getEphemeralValue(appId)),
      ),
    );

@@ -205,7 +203,7 @@ export class NativeMessagingService {

    const encrypted = await this.cryptoService.encrypt(
      JSON.stringify(message),
-      this.sharedSecrets.get(appId),
+      SymmetricCryptoKey.fromString(await ipc.platform.ephemeralStore.getEphemeralValue(appId)),
    );

    ipc.platform.nativeMessaging.sendMessage({ appId: appId, message: encrypted });
@@ -213,7 +211,10 @@ export class NativeMessagingService {

  private async secureCommunication(remotePublicKey: Uint8Array, appId: string) {
    const secret = await this.cryptoFunctionService.randomBytes(64);
-    this.sharedSecrets.set(appId, new SymmetricCryptoKey(secret));
+    await ipc.platform.ephemeralStore.setEphemeralValue(
+      appId,
+      new SymmetricCryptoKey(secret).keyB64,
+    );

    const encryptedSecret = await this.cryptoFunctionService.rsaEncrypt(
      secret,