Improve key store passphrase crypto

* Change MAC-then-Encrypt to Encrypt-then-MAC * Change AES256 to AES128 * Use first 16 bytes of KDF derived key for AES and remaining 16 for MAC
2015-04-02 18:15:58 +02:00
parent 9918b6c84e
commit 6b23094cff
4 changed files with 33 additions and 25 deletions
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@ -252,7 +252,7 @@ func aesCBCDecrypt(key []byte, cipherText []byte, iv []byte) (plainText []byte,
 	decrypter.CryptBlocks(paddedPlainText, cipherText)
 	plainText = PKCS7Unpad(paddedPlainText)
 	if plainText == nil {
-		err = errors.New("Decryption failed: PKCS7Unpad failed after decryption")
+		err = errors.New("Decryption failed: PKCS7Unpad failed after AES decryption")
 	}
 	return plainText, err
 }