Ensures that if an old or unstable secret file cannot be decrypted (e.g. due to the previous unstable fingerprint logic), the system will automatically start fresh instead of blocking the user with an error.
Throwing remains active for the current (v3) storage format to maintain security integrity.
Resolves 'corrupted file' errors by making the hardware fingerprint resilient to environmental changes:
- Removed unstable MAC addresses and Disk serials from the Master Key derivation.
- Refactored identifier collection to be additive and non-throwing, ensuring a consistent fingerprint structure.
- Migrated storage to v3 filename (.sys-service-v3.db) to clear previous unstable states.
- Implemented robust migration from legacy v1 and unstable v2 formats.
- Standardized sanitized service name usage across file paths and cryptographic passwords.
- Moved installation ID to GEMINI_DIR for better container/sandbox compatibility.
Removes Inode and Birthtime from the Master Key derivation shards.
These identifiers were too volatile for atomic write operations (which change inodes) and did not survive extension re-installs or file moves.
Master Key security remains extremely high, relying on:
- OS Keychain Shard (Tier 1)
- Physical Shard (~/.gemini_id) (Tier 2)
- Deep Hardware Binding (Motherboard, Disk, MAC) (Tier 3)
- Cryptographic Pepper (Tier 4)
Implements elite security features for file-based secret storage fallback:
- Deep Hardware Binding: Cryptographically ties secrets to Baseboard, Disk, and MAC serials.
- Secret-Level Double-Encryption: Individually encrypts each secret within the vault.
- Multi-Factor Sharding: Incorporates a hidden installation ID (~/.gemini_id) as a physical shard.
- Atomic Operations: Prevents file corruption using temp-write and atomic rename.
- Stealth Obfuscation: Uses binary-like naming and random padding to hide data length.
- Graceful Degradation: Automatically handles headless environments without D-Bus.
- Full backward compatibility with automatic upgrade from v1.
- Removes noisy console.error in Keychain availability check.
Implements FileSecretStorage and HybridSecretStorage to allow the CLI
to fall back to a secure encrypted local file when the system keychain
is unavailable (e.g. headless Linux). Updates Extension Settings to
use this hybrid approach.
Ensures that multiple concurrent calls to getKeytar or checkKeychainAvailability
wait for a single operation to complete using promise-based guards. This
prevents scenarios where a slow module load or availability check could result
in a permanently cached 'unavailable' state.
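
The single-flight guard and the keychain-or-file routing described in the two commits above, as an added illustration that is not Gemini CLI code. Backends are in-memory stand-ins, the probe is an injected function, and the class and method names are assumptions for this example; the rule that a definitive answer is cached while a thrown error is not is the design choice being demonstrated.

```javascript
// Added illustration, not Gemini CLI code: a promise-based single-flight guard
// around the keychain availability probe, and a hybrid storage that routes to
// the keychain or to the file fallback based on its answer. Backends are
// in-memory stand-ins; class and method names are assumptions.

class KeychainGate {
  constructor(probe) {
    this.probe = probe;     // async () => boolean; may throw (e.g. no D-Bus)
    this.inFlight = null;   // promise shared by every concurrent caller
    this.verdict = null;    // cached only once the probe settled with an answer
    this.probeCalls = 0;    // how many times the probe was actually started
  }

  checkAvailability() {
    if (this.verdict !== null) return Promise.resolve(this.verdict);
    if (this.inFlight) return this.inFlight; // join the probe already running
    this.probeCalls += 1;
    this.inFlight = Promise.resolve()
      .then(() => this.probe())
      .then((ok) => { this.verdict = Boolean(ok); return this.verdict; })
      // A rejection leaves verdict null, so a slow or failed load is retried
      // on the next call instead of pinning 'unavailable' forever.
      .finally(() => { this.inFlight = null; });
    return this.inFlight;
  }
}

// Stand-in for both the OS keychain and the encrypted file store
class MemoryBackend {
  constructor() { this.map = new Map(); }
  async get(name) { return this.map.get(name) ?? null; }
  async set(name, value) { this.map.set(name, value); }
}

class HybridSecretStorage {
  constructor(keychain, file, gate) {
    this.keychain = keychain;
    this.file = file;
    this.gate = gate;
  }

  async backend() {
    let ok = false;
    try {
      ok = await this.gate.checkAvailability();
    } catch {
      ok = false; // transient probe failure: use the file now, retry next time
    }
    return ok ? this.keychain : this.file;
  }

  async get(name) { return (await this.backend()).get(name); }
  async set(name, value) { return (await this.backend()).set(name, value); }
}
```

Because `inFlight` is assigned synchronously on the first call, every caller that arrives before the probe settles receives the same promise, so a burst of startup lookups costs exactly one keytar load.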