Will Harris authored
A data encryption key is stored in profile and encrypted with DPAPI. DPAPI is needed during initialization but not during encrypt/decrypt operations. Data encrypted with the new key has a header to indicate the correct key to use, or whether it was originally encrypted with raw DPAPI.

This allows code that uses os_crypt to run inside the sandbox as long as Init() is called before lockdown, or the key is manually set by calling SetRawEncryptionKey().

The network process, which uses os_crypt to encrypt some cookies, is now passed the encryption key via the mojo SetEncryptionKey interface, which is already used on macOS for the same purpose.

NOTE: Reverting this CL will cause user data loss so please consult before doing so.

BUG=1000799
Change-Id: I4453c4efbe52eaf4a264e12eb789219578e9caa6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1842671
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Reviewed-by: Christos Froussios <cfroussios@chromium.org>
Commit-Queue: Will Harris <wfh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#707696}
265b3947