Skip to content

Commit

Permalink
Merge pull request #8 from SquirrelDeveloper/patch-1
Browse files Browse the repository at this point in the history
Fix padding issue with Ansible vault for special whars
  • Loading branch information
commenthol authored Jul 24, 2024
2 parents 7e982a7 + bc2ae9b commit d0f4781
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 5 deletions.
10 changes: 5 additions & 5 deletions src/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -139,11 +139,11 @@ class Vault {
_cipher (secret, id, salt, derivedKey) {
const { key, hmacKey, iv } = derivedKey
const cipherF = crypto.createCipheriv(CIPHER, key, iv)
const ciphertext = Buffer.concat([
cipherF.update(secret),
cipherF.update(pkcs7.pad(secret.length, 16)),
cipherF.final()
])
const finalInput = Buffer.concat([
Buffer.from(secret, 'utf-8'),
pkcs7.pad(Buffer.from(secret, 'utf-8').length, 16),
]);
const ciphertext = Buffer.concat([cipherF.update(finalInput), cipherF.final()]);

const hmac = this._hmac(hmacKey, ciphertext)
const hex = [ salt, hmac, ciphertext ].map(buf => buf.toString('hex')).join('\n')
Expand Down
13 changes: 13 additions & 0 deletions test/index.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -129,6 +129,19 @@ describe('ansible-vault', function () {
strictEqual(_secret, secret)
})
})

it('shall encrypt and decrypt with special characters', function () {
const v = new Vault({ password })
const secretWithSpecialChars = "pa§§w0rd"
return v.encrypt(secretWithSpecialChars, 'prod')
.then(_vault => {
log(_vault)
return v.decrypt(_vault)
})
.then(_secret => {
strictEqual(_secret, secretWithSpecialChars)
})
})
})

describe('1.2', function () {
Expand Down

0 comments on commit d0f4781

Please sign in to comment.