sneak/secret
1
0
Fork 1
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix getLongTermPrivateKey derivation index hardcoded to 0 (closes #3) #8

Merged
sneak merged 4 commits from clawbot/secret:fix/issue-3 into main 2026-02-20 08:58:21 +01:00
Conversation 11 Commits 4 Files Changed 2 +101 -2

4 Commits

Author SHA1 Message Date
Jeffrey Paul
206651f89a Merge branch 'main' into fix/issue-3 2026-02-20 08:58:10 +01:00
clawbot
596027f210 fix: suppress gosec G204 for validated GPG key ID inputs 2026-02-19 23:43:13 -08:00
clawbot
0aa9a52497 test: add test for getLongTermPrivateKey derivation index 
Verifies that getLongTermPrivateKey reads the derivation index from
vault metadata instead of using hardcoded index 0. Test creates a
mock vault with DerivationIndex=5 and confirms the derived key
matches index 5.
 2026-02-19 23:43:13 -08:00
clawbot
09ec79c57e fix: use vault derivation index in getLongTermPrivateKey instead of hardcoded 0 
Previously, getLongTermPrivateKey() always used derivation index 0 when
deriving the long-term key from a mnemonic. This caused wrong key
derivation for vaults with index > 0 (second+ vault from same mnemonic),
leading to silent data corruption in keychain unlocker creation.

Now reads the vault's actual DerivationIndex from vault-metadata.json.
 2026-02-19 23:43:13 -08:00