ReMemory Protocol V2: Shamir uses Raw Bytes instead of base64

Author: eljojo

internal/cmd/recover.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"bytes"
+	"encoding/base64"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -101,15 +102,24 @@ func runRecover(cmd *cobra.Command, args []string) error {
 	}
 
 	// Reconstruct passphrase
-	passphrase, err := core.Combine(shareData)
+	recovered, err := core.Combine(shareData)
 	if err != nil {
 		return fmt.Errorf("combining shares: %w", err)
 	}
 
+	// v2 shares contain raw bytes; base64url-encode to get the age passphrase.
+	// v1 shares contain the base64 string directly.
+	var passphrase string
+	if first.Version >= 2 {
+		passphrase = base64.RawURLEncoding.EncodeToString(recovered)
+	} else {
+		passphrase = string(recovered)
+	}
+
 	if recoverPassphrase {
 		fmt.Println()
 		fmt.Println("Recovered passphrase:")
-		fmt.Println(string(passphrase))
+		fmt.Println(passphrase)
 		return nil
 	}
 
@@ -132,7 +142,7 @@ func runRecover(cmd *cobra.Command, args []string) error {
 	}
 
 	var decryptedBuf bytes.Buffer
-	if err := core.Decrypt(&decryptedBuf, bytes.NewReader(encryptedData), string(passphrase)); err != nil {
+	if err := core.Decrypt(&decryptedBuf, bytes.NewReader(encryptedData), passphrase); err != nil {
 		return fmt.Errorf("decryption failed (shares may be corrupted or from different operation): %w", err)
 	}
 

internal/cmd/seal.go

@@ -7,6 +7,8 @@ import (
 	"path/filepath"
 	"time"
 
+	"encoding/base64"
+
 	"github.com/eljojo/rememory/internal/bundle"
 	"github.com/eljojo/rememory/internal/core"
 	"github.com/eljojo/rememory/internal/crypto"
@@ -104,8 +106,8 @@ func sealProject(p *project.Project, recoveryURL string) error {
 		fmt.Printf("  Warning: %s\n", warning)
 	}
 
-	// Generate passphrase
-	passphrase, err := crypto.GeneratePassphrase(crypto.DefaultPassphraseBytes)
+	// Generate passphrase (v2: split raw bytes, not the base64 string)
+	raw, passphrase, err := crypto.GenerateRawPassphrase(crypto.DefaultPassphraseBytes)
 	if err != nil {
 		return fmt.Errorf("generating passphrase: %w", err)
 	}
@@ -133,8 +135,8 @@ func sealProject(p *project.Project, recoveryURL string) error {
 
 	fmt.Printf("Splitting into %d shares (threshold: %d)...\n", len(p.Friends), p.Threshold)
 
-	// Split the passphrase
-	shares, err := core.Split([]byte(passphrase), len(p.Friends), p.Threshold)
+	// Split the raw bytes (v2: 32 bytes instead of 43-byte base64 string)
+	shares, err := core.Split(raw, len(p.Friends), p.Threshold)
 	if err != nil {
 		return fmt.Errorf("splitting passphrase: %w", err)
 	}
@@ -143,7 +145,7 @@ func sealProject(p *project.Project, recoveryURL string) error {
 	shareInfos := make([]project.ShareInfo, len(shares))
 	for i, shareData := range shares {
 		friend := p.Friends[i]
-		share := core.NewShare(i+1, len(p.Friends), p.Threshold, friend.Name, shareData)
+		share := core.NewShare(2, i+1, len(p.Friends), p.Threshold, friend.Name, shareData)
 
 		filename := share.Filename()
 		sharePath := filepath.Join(sharesDir, filename)
@@ -176,7 +178,7 @@ func sealProject(p *project.Project, recoveryURL string) error {
 		fmt.Println("FAILED")
 		return fmt.Errorf("verification failed: %w", err)
 	}
-	if string(recovered) != passphrase {
+	if base64.RawURLEncoding.EncodeToString(recovered) != passphrase {
 		fmt.Println("FAILED")
 		return fmt.Errorf("verification failed: reconstructed passphrase doesn't match")
 	}

internal/core/core_test.go

@@ -192,7 +192,7 @@ func TestValidateShamirParams(t *testing.T) {
 }
 
 func TestShareEncodeDecode(t *testing.T) {
-	original := NewShare(1, 5, 3, "Alice", []byte("test-share-data"))
+	original := NewShare(1, 1, 5, 3, "Alice", []byte("test-share-data"))
 
 	encoded := original.Encode()
 
@@ -225,7 +225,7 @@ func TestShareEncodeDecode(t *testing.T) {
 }
 
 func TestShareVerify(t *testing.T) {
-	share := NewShare(1, 5, 3, "Alice", []byte("test-data"))
+	share := NewShare(1, 1, 5, 3, "Alice", []byte("test-data"))
 
 	// Valid checksum
 	if err := share.Verify(); err != nil {
@@ -251,7 +251,7 @@ func TestShareFilename(t *testing.T) {
 	}
 
 	for _, tt := range tests {
-		share := NewShare(1, 3, 2, tt.holder, []byte("data"))
+		share := NewShare(1, 1, 3, 2, tt.holder, []byte("data"))
 		got := share.Filename()
 		if got != tt.expected {
 			t.Errorf("holder %q: got %q, want %q", tt.holder, got, tt.expected)
@@ -260,7 +260,7 @@ func TestShareFilename(t *testing.T) {
 }
 
 func TestCompactEncodeRoundTrip(t *testing.T) {
-	original := NewShare(1, 5, 3, "Alice", []byte("test-share-data-1234567890"))
+	original := NewShare(1, 1, 5, 3, "Alice", []byte("test-share-data-1234567890"))
 
 	compact := original.CompactEncode()
 
@@ -297,7 +297,7 @@ func TestCompactEncodeWithRealShares(t *testing.T) {
 	}
 
 	for i, shareData := range shares {
-		share := NewShare(i+1, 5, 3, "", shareData)
+		share := NewShare(1, i+1, 5, 3, "", shareData)
 		compact := share.CompactEncode()
 
 		decoded, err := ParseCompact(compact)
@@ -311,7 +311,7 @@ func TestCompactEncodeWithRealShares(t *testing.T) {
 }
 
 func TestCompactEncodeFormat(t *testing.T) {
-	share := NewShare(2, 5, 3, "Bob", []byte{0xDE, 0xAD, 0xBE, 0xEF})
+	share := NewShare(1, 2, 5, 3, "Bob", []byte{0xDE, 0xAD, 0xBE, 0xEF})
 	compact := share.CompactEncode()
 
 	if !strings.HasPrefix(compact, "RM1:") {
@@ -346,7 +346,7 @@ func TestCompactEncodeFormat(t *testing.T) {
 
 func TestParseCompactRejectsBadInput(t *testing.T) {
 	// Build a valid compact string to use as a base
-	share := NewShare(1, 5, 3, "Alice", []byte("valid-data"))
+	share := NewShare(1, 1, 5, 3, "Alice", []byte("valid-data"))
 	valid := share.CompactEncode()
 
 	tests := []struct {
@@ -381,7 +381,7 @@ func TestParseCompactRejectsBadInput(t *testing.T) {
 func TestCompactEncodeNoHolderOrCreated(t *testing.T) {
 	// Compact format intentionally omits Holder and Created metadata
 	// to keep the string short for QR codes
-	share := NewShare(3, 7, 4, "Carol with spaces", []byte("some-share-data"))
+	share := NewShare(1, 3, 7, 4, "Carol with spaces", []byte("some-share-data"))
 	compact := share.CompactEncode()
 	decoded, err := ParseCompact(compact)
 	if err != nil {