if let Some(key_config) = key_config {
let password_fn = || { Ok(password.as_bytes().to_vec()) };
- let key = match key_config.decrypt(&password_fn) {
- Ok((key, ..)) => key,
- Err(_) => {
- match key_config.hint {
- Some(hint) => {
- bail!("decrypt key failed (password hint: {})", hint);
- }
- None => {
- bail!("decrypt key failed (wrong password)");
- }
- }
- }
- };
+ let (key, ..) = key_config.decrypt(&password_fn)?;
config::tape_encryption_keys::insert_key(key, key_config)?;
} else {
bail!("media does not contain any encryption key configuration");
let derived_key = kdf.derive_key(&passphrase)?;
if raw_data.len() < 32 {
- bail!("Unable to encode key - short data");
+ bail!("Unable to decrypt key - short data");
}
let iv = &raw_data[0..16];
let tag = &raw_data[16..32];
b"",
&enc_data,
&tag,
- ).map_err(|err| format_err!("Unable to decrypt key (wrong password?) - {}", err))?
+ ).map_err(|err| {
+ match self.hint {
+ Some(ref hint) => {
+ format_err!("Unable to decrypt key (password hint: {})", hint)
+ }
+ None => {
+ format_err!("Unable to decrypt key (wrong password?) - {}", err)
+ }
+ }
+ })?
} else {
raw_data.clone()