프론트엔드에서의 암호 키 관련된 변수 이름 리팩토링

2025-12-15 22:38:47 +00:00 · 2024-12-31 06:20:23 +09:00
parent be70ef1507
commit 214568f2ee
13 changed files with 137 additions and 145 deletions
--- a/src/lib/hooks/gotoStateful.ts
+++ b/src/lib/hooks/gotoStateful.ts
@@ -4,14 +4,12 @@ type Path = "/key/export";

 interface KeyExportState {
  redirectPath: string;
-  encKeyPair: {
-    pubKeyBase64: string;
-    privKeyBase64: string;
-  };
-  sigKeyPair: {
-    pubKeyBase64: string;
-    privKeyBase64: string;
-  };
+
+  encryptKeyBase64: string;
+  decryptKeyBase64: string;
+  signKeyBase64: string;
+  verifyKeyBase64: string;
+
  mekDraft: ArrayBuffer;
 }

--- a/src/lib/indexedDB.ts
+++ b/src/lib/indexedDB.ts
@@ -12,7 +12,7 @@ const keyStore = new Dexie("keyStore") as Dexie & {
 };

 keyStore.version(1).stores({
-  rsaKey: "usage, key",
+  rsaKey: "usage",
 });

 export const getRSAKey = async (usage: RSAKeyUsage) => {
@@ -21,11 +21,23 @@ export const getRSAKey = async (usage: RSAKeyUsage) => {
 };

 export const storeRSAKey = async (key: CryptoKey, usage: RSAKeyUsage) => {
-  if ((usage === "encrypt" || usage === "verify") && !key.extractable) {
-    throw new Error("Public key must be extractable");
-  } else if ((usage === "decrypt" || usage === "sign") && key.extractable) {
-    throw new Error("Private key must be non-extractable");
+  switch (usage) {
+    case "encrypt":
+    case "verify":
+      if (key.type !== "public") {
+        throw new Error("Public key required");
+      } else if (!key.extractable) {
+        throw new Error("Public key must be extractable");
+      }
+      break;
+    case "decrypt":
+    case "sign":
+      if (key.type !== "private") {
+        throw new Error("Private key required");
+      } else if (key.extractable) {
+        throw new Error("Private key must be non-extractable");
+      }
+      break;
  }
-
  await keyStore.rsaKey.put({ usage, key });
 };
--- a/src/lib/services/auth.ts
+++ b/src/lib/services/auth.ts
@@ -6,10 +6,10 @@ import {
 } from "$lib/modules/crypto";

 export const requestTokenUpgrade = async (
-  encPubKeyBase64: string,
-  encPrivKey: CryptoKey,
-  sigPubKeyBase64: string,
-  sigPrivKey: CryptoKey,
+  encryptKeyBase64: string,
+  decryptKey: CryptoKey,
+  verifyKeyBase64: string,
+  signKey: CryptoKey,
 ) => {
  let res = await fetch("/api/auth/upgradeToken", {
    method: "POST",
@@ -17,15 +17,15 @@ export const requestTokenUpgrade = async (
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
-      encPubKey: encPubKeyBase64,
-      sigPubKey: sigPubKeyBase64,
+      encPubKey: encryptKeyBase64,
+      sigPubKey: verifyKeyBase64,
    }),
  });
  if (!res.ok) return false;

  const { challenge } = await res.json();
-  const answer = await decryptRSACiphertext(decodeFromBase64(challenge), encPrivKey);
-  const sigAnswer = await signRSAMessage(answer, sigPrivKey);
+  const answer = await decryptRSACiphertext(decodeFromBase64(challenge), decryptKey);
+  const sigAnswer = await signRSAMessage(answer, signKey);

  res = await fetch("/api/auth/upgradeToken/verify", {
    method: "POST",
--- a/src/lib/services/key.ts
+++ b/src/lib/services/key.ts
@@ -7,10 +7,10 @@ import {
 } from "$lib/modules/crypto";

 export const requestClientRegistration = async (
-  encPubKeyBase64: string,
-  encPrivKey: CryptoKey,
-  sigPubKeyBase64: string,
-  sigPrivKey: CryptoKey,
+  encryptKeyBase64: string,
+  decryptKey: CryptoKey,
+  verifyKeyBase64: string,
+  signKey: CryptoKey,
 ) => {
  let res = await callAPI("/api/client/register", {
    method: "POST",
@@ -18,15 +18,15 @@ export const requestClientRegistration = async (
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
-      encPubKey: encPubKeyBase64,
-      sigPubKey: sigPubKeyBase64,
+      encPubKey: encryptKeyBase64,
+      sigPubKey: verifyKeyBase64,
    }),
  });
  if (!res.ok) return false;

  const { challenge } = await res.json();
-  const answer = await decryptRSACiphertext(decodeFromBase64(challenge), encPrivKey);
-  const sigAnswer = await signRSAMessage(answer, sigPrivKey);
+  const answer = await decryptRSACiphertext(decodeFromBase64(challenge), decryptKey);
+  const sigAnswer = await signRSAMessage(answer, signKey);

  res = await callAPI("/api/client/verify", {
    method: "POST",
--- a/src/lib/stores/key.ts
+++ b/src/lib/stores/key.ts
@@ -1,9 +1,11 @@
 import { writable } from "svelte/store";

-interface KeyPairs {
-  encKeyPair: CryptoKeyPair;
-  sigKeyPair: CryptoKeyPair;
+export interface ClientKeys {
+  encryptKey: CryptoKey;
+  decryptKey: CryptoKey;
+  signKey: CryptoKey;
+  verifyKey: CryptoKey;
 }

-export const keyPairsStore = writable<KeyPairs | null>(null);
+export const clientKeyStore = writable<ClientKeys | null>(null);
 export const mekStore = writable<Map<number, CryptoKey>>(new Map());