feat: use password as part of the encryption key (#213)

Meaning when the password is set, it will be used to decrypt te message. The password will not be part of the key set in the URL at all.

src/client/routes/home/index.jsx

@@ -129,14 +129,17 @@ const Home = () => {
             return;
         }
 
-        const userEncryptionKey = generateKey();
+        const password = form.values.password;
+
+        const publicEncryptionKey = generateKey(password);
+        const encryptionKey = publicEncryptionKey + password;
 
         setCreatingSecret(true);
 
         const body = {
-            text: encrypt(form.values.text, userEncryptionKey),
+            text: encrypt(form.values.text, encryptionKey),
             files: [],
-            title: encrypt(form.values.title, userEncryptionKey),
+            title: encrypt(form.values.title, encryptionKey),
             password: form.values.password,
             ttl: form.values.ttl,
             allowedIp: form.values.allowedIp,
@@ -150,7 +153,7 @@ const Home = () => {
             body.files.push({
                 type: 'application/zip',
                 ext: '.zip',
-                content: encrypt(zipFile, userEncryptionKey),
+                content: encrypt(zipFile, encryptionKey),
             });
         }
 
@@ -173,7 +176,7 @@ const Home = () => {
         }
 
         setSecretId(json.id);
-        setEncryptionKey(userEncryptionKey);
+        setEncryptionKey(publicEncryptionKey);
         form.clearErrors();
         setCreatingSecret(false);
     };
@@ -327,6 +330,8 @@ const Home = () => {
                             styles={groupMobileStyle}
                             icon={<IconLock size={14} />}
                             placeholder={t('home.optional_password')}
+                            minlength="8"
+                            maxLength="28"
                             {...form.getInputProps('password')}
                             readOnly={!enablePassword || inputReadOnly}
                             rightSection={

src/client/routes/secret/index.jsx

@@ -84,7 +84,7 @@ const Secret = () => {
             setError(json.error);
         } else {
             try {
-                const text = decrypt(json.secret, decryptionKey);
+                const text = decrypt(json.secret, decryptionKey + password);
 
                 setSecret(text);
             } catch (error) {
@@ -94,7 +94,7 @@ const Secret = () => {
             }
 
             if (json.title) {
-                setTitle(decrypt(json.title, decryptionKey));
+                setTitle(decrypt(json.title, decryptionKey + password));
             }
 
             if (json.files) {
@@ -138,7 +138,7 @@ const Secret = () => {
         downloadFile({
             file,
             secretId,
-            decryptionKey,
+            decryptionKey: decryptionKey + password,
         });
 
         if (!preventBurn) {
@@ -193,6 +193,7 @@ const Secret = () => {
                             icon={<IconLock size={14} />}
                             placeholder="Your password"
                             value={password}
+                            maxLength="28"
                             onChange={onPasswordChange}
                             required
                             style={{ WebkitTextSecurity: 'disc' }}

src/shared/helpers/crypto.js

@@ -6,7 +6,13 @@ import { Buffer } from 'buffer/';
 const { secretbox, randomBytes } = tweetnacl;
 const { decodeUTF8, encodeUTF8, encodeBase64, decodeBase64 } = tweetnaclUtil;
 
-export const generateKey = () => nanoid(32);
+export const generateKey = (password = '') => {
+    if (password) {
+        return nanoid(32 - password.length);
+    }
+
+    return nanoid(32);
+};
 
 const newNonce = () => randomBytes(secretbox.nonceLength);