at the moment if an encryptedKey is detected in config.json and the user has not passed in a password as a cli argument, the program stops and demands a password to decrypt the key with.
this makes sense except for the case where the encryptedKey cipher text (when decoded from hex) has the prefix v10. the v10 prefix means the key was encrypted with the default key "peanutes". this case was observed in #3
checking for the v10 prefix should happen earlier in the program and handled earlier so the use can stay blissfully unaware.
at the moment if an `encryptedKey` is detected in `config.json` and the user has not passed in a password as a cli argument, the program stops and demands a password to decrypt the key with.
this makes sense except for the case where the `encryptedKey` cipher text (when decoded from hex) has the prefix `v10`. the `v10` prefix means [the key was encrypted with the default key "peanutes"](https://control-plane.io/posts/abusing-vscode-from-malicious-extensions-to-stolen-credentials-part-2/#electron-safestorage). this case was observed in https://git.woodbine.nyc/p/signal_group_analysis/issues/3#issuecomment-68
checking for the v10 prefix should happen earlier in the program and handled earlier so the use can stay blissfully unaware.
p
at the moment if an
encryptedKeyis detected inconfig.jsonand the user has not passed in a password as a cli argument, the program stops and demands a password to decrypt the key with.this makes sense except for the case where the
encryptedKeycipher text (when decoded from hex) has the prefixv10. thev10prefix means the key was encrypted with the default key "peanutes". this case was observed in #3checking for the v10 prefix should happen earlier in the program and handled earlier so the use can stay blissfully unaware.