Skip to content

feat: include enterpriseId as AAD in passkeys encryption process#9210

Merged
danielpeng1 merged 2 commits into
masterfrom
WCN-1074/enterpriseid-aad-passkeys-cure53
Jul 9, 2026
Merged

feat: include enterpriseId as AAD in passkeys encryption process#9210
danielpeng1 merged 2 commits into
masterfrom
WCN-1074/enterpriseid-aad-passkeys-cure53

Conversation

@danielpeng1

@danielpeng1 danielpeng1 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Adding enterpriseId as AES-GCM AAD to PRF-encrypted private keys

  • Thus with ADD a ciphertext encrypted under a given enterprise has a cryptographic binding to that enterprise.
  • Decryption is fully backward-compatible: decryptV2 reads adata from the envelope, old blobs (no adata) continue to decrypt normally, and no API signatures changed.

Note: what if no enterprise?

  • attachPasskeyToWallet: safe, already throws before reaching encrypt if enterprise is missing

and

  • wallets.ts wallet creation: params.enterprise is enterprise?: string (optional). undefined is handled
  • wallets.ts bulk share accept: walletShare.enterprise is also optional. undefined is handled

so enterprise membership should already be enforced by the server first.

Ticket: WCN-1074

@danielpeng1 danielpeng1 self-assigned this Jul 8, 2026
@linear-code

linear-code Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

WCN-1074

@danielpeng1 danielpeng1 marked this pull request as ready for review July 8, 2026 16:46
@danielpeng1 danielpeng1 requested review from a team as code owners July 8, 2026 16:46
@danielpeng1 danielpeng1 requested review from bdesoky and vibhavgo July 8, 2026 16:46

@OttoAllmendinger OttoAllmendinger left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add a test that shows that adata: undefined and omitted adata are equivalent

Comment thread modules/passkey-crypto/src/attachPasskeyToWallet.ts

@vibhavgo vibhavgo left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we also add a test to ensure that a key encrypted in one enterprise context shouldn't be able to be decrypted in another enterprise context?

@danielpeng1 danielpeng1 merged commit b195d56 into master Jul 9, 2026
36 of 38 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants