Skip to content

[codex] Handle invalid-state persistent key deletion#153

Draft
SirAndrosBot wants to merge 1 commit into
masterfrom
codex/issue-87-delete-key-invalid-state
Draft

[codex] Handle invalid-state persistent key deletion#153
SirAndrosBot wants to merge 1 commit into
masterfrom
codex/issue-87-delete-key-invalid-state

Conversation

@SirAndrosBot

Copy link
Copy Markdown
Collaborator

What changed

  • Treat NCryptDeleteKey HRESULT_FROM_WIN32(ERROR_INVALID_STATE) / 0x8007139F as a tolerated delete-time state in DeletePersistentKey.
  • Still throw for every other NCryptDeleteKey failure.
  • When persistent key integrity fails during provider initialization, clear this plugin's Credential Manager blobs before returning to local cache mode.

Why

Issue #87 reports NCryptDeleteKey — ERROR_INVALID_STATE (0x8007139F). That status means Windows says the resource is not in the correct state for the requested operation. In this cleanup path, surfacing it as an unexpected system error can block the rest of the plugin's invalid-key recovery.

The key point is safety: ignoring this specific delete-time status could leave an orphaned Windows Hello/NGC key object, but the plugin also needs the encrypted database-key payload stored in Credential Manager to unlock a database. This PR clears the plugin's KeePassWinHello_* Credential Manager blobs when persistent key integrity fails, so a stranded NGC key alone is not useful for KeePassWinHello unlock.

Refs #87

Behavior notes

  • This does not ignore arbitrary deletion failures.
  • This does not mark the failed NGC delete as successful; the handle is still disposed normally.
  • Credential Manager cleanup is scoped to this plugin's own target prefix.

Review notes

Reviewer found no blocking issues. One existing caveat remains: KeyWindowsStorage.Clear() currently ignores individual CredDelete failures while clearing plugin blobs. That behavior predates this PR and may deserve a separate hardening change, but expanding it here would broaden the fix.

Validation

  • Worker subagent implemented the narrow fix in an isolated branch.
  • Reviewer subagent found no blocking issues and recommended publishing with the cleanup caveat noted.
  • git diff --check passed with only Git LF-to-CRLF working-copy warnings.
  • MSBuild.exe src\KeePassWinHello.csproj /t:Rebuild /p:Configuration=Release /p:DefineConstants=MONO /p:FrameworkPathOverride=C:\Windows\Microsoft.NET\Framework\v4.0.30319 /p:ReferencePath=C:\proj\KeePassWinHello\lib passed with 0 warnings and 0 errors.

Manual test needed

  • Reproduce NCryptDeleteKey 0x8007139F during persistent-key revocation or invalid-key recovery and confirm recovery continues without a generic report dialog.

@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants