resilar
commented
5 years ago Addressed in commit 4c24a3d, hopefully adequately.
One comment though: specifying the salt makes also sense when re-encrypting (rekeying) the database.
Closed utelle closed 5 years ago
resilar
commented
5 years ago Addressed in commit 4c24a3d, hopefully adequately.
One comment though: specifying the salt makes also sense when re-encrypting (rekeying) the database.
IMHO the new raw key feature deserves a slightly more elaborate documentation regarding its behaviour in certain "special" cases:
1) If the length of the raw key is not exactly 32, it is handled as a normal key (including the "raw:" prefix). 2) If the length of the raw key plus salt is not exactly 32+16 (48), it is handled as a normal key (including the "raw:" prefix). 3) If the length of the hex encoded key is not exactly 64, it is handled as a normal key (including the "raw:" prefix). 4) If the length of the hex encoded key plus salt is not exactly 64+32 (96), it is handled as a normal key (including the "raw:" prefix). 5) If the hex encoding of key and/or salt is erroneous, the key is handled as a normal key (including the "raw:" prefix). 6) Specifying the salt together with the key makes only sense when creating a new database. For an existing database the salt stored in the database header is used and the specified salt is silently ignored, even if it is different from the stored salt.
I'm fine with the behaviour as implemented. However it should be documented, so that users are aware of it.