From 6b23094cff77d7e485e0a2ae5698884f63c87ce7 Mon Sep 17 00:00:00 2001
From: Gustav Simonsson <gustav.simonsson@gmail.com>
Date: Thu, 2 Apr 2015 18:15:58 +0200
Subject: Improve key store passphrase crypto

* Change MAC-then-Encrypt to Encrypt-then-MAC
* Change AES256 to AES128
* Use first 16 bytes of KDF derived key for AES and
  remaining 16 for MAC
---
 crypto/crypto.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crypto/crypto.go')

diff --git a/crypto/crypto.go b/crypto/crypto.go
index 3c5783014..6fc5bfd36 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -252,7 +252,7 @@ func aesCBCDecrypt(key []byte, cipherText []byte, iv []byte) (plainText []byte,
 	decrypter.CryptBlocks(paddedPlainText, cipherText)
 	plainText = PKCS7Unpad(paddedPlainText)
 	if plainText == nil {
-		err = errors.New("Decryption failed: PKCS7Unpad failed after decryption")
+		err = errors.New("Decryption failed: PKCS7Unpad failed after AES decryption")
 	}
 	return plainText, err
 }
-- 
cgit