암호 키 생성 및 등록시 HSK도 함께 생성 및 등록하도록 변경

2025-12-16 06:58:46 +00:00 · 2025-01-12 21:52:41 +09:00
parent 805d7df182
commit 59c8523e25
15 changed files with 183 additions and 33 deletions
--- a/src/lib/modules/crypto/aes.ts
+++ b/src/lib/modules/crypto/aes.ts
@@ -55,6 +55,27 @@ export const unwrapDataKey = async (dataKeyWrapped: string, masterKey: CryptoKey
  };
 };

+export const wrapHmacSecret = async (hmacSecret: CryptoKey, masterKey: CryptoKey) => {
+  return encodeToBase64(await window.crypto.subtle.wrapKey("raw", hmacSecret, masterKey, "AES-KW"));
+};
+
+export const unwrapHmacSecret = async (hmacSecretWrapped: string, masterKey: CryptoKey) => {
+  return {
+    hmacSecret: await window.crypto.subtle.unwrapKey(
+      "raw",
+      decodeFromBase64(hmacSecretWrapped),
+      masterKey,
+      "AES-KW",
+      {
+        name: "HMAC",
+        hash: "SHA-256",
+      } satisfies HmacImportParams,
+      false, // Nonextractable
+      ["sign", "verify"],
+    ),
+  };
+};
+
 export const encryptData = async (data: BufferSource, dataKey: CryptoKey) => {
  const iv = window.crypto.getRandomValues(new Uint8Array(12));
  const ciphertext = await window.crypto.subtle.encrypt(