fix(cli): handle empty password in signer generate and sign commands#14941
Open
veeceey wants to merge 2 commits intotauri-apps:devfrom
Open
fix(cli): handle empty password in signer generate and sign commands#14941veeceey wants to merge 2 commits intotauri-apps:devfrom
veeceey wants to merge 2 commits intotauri-apps:devfrom
Conversation
When generating or signing with an empty password (`-p ""`), minisign's
`generate_encrypted_keypair(Some(""))` sets KDF parameters but skips
actual encryption, creating an inconsistent key state. Later,
`into_secret_key(Some(""))` tries scrypt decryption on unencrypted data,
corrupting it and failing with "Wrong password for that key".
Fix by normalizing empty passwords to None and using the appropriate
unencrypted key APIs:
- generate_key: use generate_unencrypted_keypair() for empty passwords
- secret_key: use into_unencrypted_secret_key() for empty passwords
Closes tauri-apps#14829
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes an issue where running
tauri signer generate -p ""followed bytauri signer sign -p ""would fail withincorrect updater private key password: Wrong password for that key.The root cause is in how minisign handles empty passwords internally:
generate_encrypted_keypair(Some(""))sets KDF parameters (scrypt algorithm, salt, etc.) but skips actual encryption becausepassword.is_empty()is trueinto_secret_key(Some(""))sees the KDF parameters and attempts scrypt-based decryption on data that was never encryptedThe fix normalizes empty passwords to
Noneand uses the appropriate unencrypted key APIs:generate_key: usesgenerate_unencrypted_keypair()when password is emptysecret_key: usesinto_unencrypted_secret_key()when password is emptyThis ensures keys generated without a password are properly stored as unencrypted (
KDF_NONE) and can be loaded without attempting decryption.Closes #14829
Test plan
generate_and_sign_with_empty_passwordtest - roundtrip generate + sign withSome("")generate_and_sign_with_no_passwordtest - roundtrip generate + sign withNonegenerate_with_password_and_signtest - roundtrip with actual passwordempty_password_sign_then_none_sign_are_interchangeabletest - verifiesSome("")andNoneare treated identically