Ensure error messages don't leak private key

Since #8766, invalid base64 is rendered in errors, but we don't actually want to show this in the case of an invalid private keys. Co-Authored-By: Eelco Dolstra <edolstra@gmail.com>
2025-12-19 23:41:07 +01:00 · 2024-09-17 15:25:30 -04:00 · 2024-09-17 15:25:30 -04:00 · 2b6b03d8df
commit 2b6b03d8df
parent d0c351bf43
10 changed files with 68 additions and 22 deletions
--- a/src/libutil/signature/local-keys.hh
+++ b/src/libutil/signature/local-keys.hh
@ -31,15 +31,19 @@ struct Key
    std::string name;
    std::string key;

-    /**
-     * Construct Key from a string in the format
-     * ‘<name>:<key-in-base64>’.
-     */
-    Key(std::string_view s);
-
    std::string to_string() const;

 protected:
+
+    /**
+     * Construct Key from a string in the format
+     * ‘<name>:<key-in-base64>’.
+     *
+     * @param sensitiveValue Avoid displaying the raw Base64 in error
+     * messages to avoid leaking private keys.
+     */
+    Key(std::string_view s, bool sensitiveValue);
+
    Key(std::string_view name, std::string && key)
        : name(name), key(std::move(key)) { }
 };