From 2546316fc5eb49eb04f82e9b16d5e61613500f29 Mon Sep 17 00:00:00 2001
From: Souradip Mookerjee <sm2030@cam.ac.uk>
Date: Sat, 19 Aug 2023 23:08:03 +0100
Subject: [PATCH 1/7] use localstorage instead of sessionstorage

---
 src/decrypt-template.html |  2 +-
 web/decrypt.ts            | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/decrypt-template.html b/src/decrypt-template.html
index 1ca3b83..d9368c7 100644
--- a/src/decrypt-template.html
+++ b/src/decrypt-template.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="robots" content="noindex, nofollow">
     <title>Protected Page</title>
-    <script type="module">var i={};Object.defineProperty(i,"__esModule",{value:!0});function y(r,e,t){var c;if(t===void 0&&(t={}),!e.codes){e.codes={};for(var s=0;s<e.chars.length;++s)e.codes[e.chars[s]]=s}if(!t.loose&&r.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var a=r.length;r[a-1]==="=";)if(--a,!t.loose&&!((r.length-a)*e.bits&7))throw new SyntaxError("Invalid padding");for(var o=new((c=t.out)!=null?c:Uint8Array)(a*e.bits/8|0),n=0,u=0,l=0,f=0;f<a;++f){var E=e.codes[r[f]];if(E===void 0)throw new SyntaxError("Invalid character "+r[f]);u=u<<e.bits|E,n+=e.bits,n>=8&&(n-=8,o[l++]=255&u>>n)}if(n>=e.bits||255&u<<8-n)throw new SyntaxError("Unexpected end of data");return o}function h(r,e,t){t===void 0&&(t={});for(var c=t,s=c.pad,a=s===void 0?!0:s,o=(1<<e.bits)-1,n="",u=0,l=0,f=0;f<r.length;++f)for(l=l<<8|255&r[f],u+=8;u>e.bits;)u-=e.bits,n+=e.chars[o&l>>u];if(u&&(n+=e.chars[o&l<<e.bits-u]),a)for(;n.length*e.bits&7;)n+="=";return n}var L={chars:"0123456789ABCDEF",bits:4},K={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},$={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},P={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},F={parse:function(e,t){return y(e.toUpperCase(),L,t)},stringify:function(e,t){return h(e,L,t)}},I={parse:function(e,t){return t===void 0&&(t={}),y(t.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,K,t)},stringify:function(e,t){return h(e,K,t)}},k={parse:function(e,t){return y(e,O,t)},stringify:function(e,t){return h(e,O,t)}},B={parse:function(e,t){return y(e,$,t)},stringify:function(e,t){return h(e,$,t)}},G={parse:function(e,t){return y(e,P,t)},stringify:function(e,t){return h(e,P,t)}},H={parse:y,stringify:h};i.base16=F;i.base32=I;i.base32hex=k;i.base64=B;i.base64url=G;i.codec=H;i.base16;i.base32;i.base32hex;const J=i.base64;i.base64url;i.codec;function b(r){const e=document.querySelector(r);if(e)return e;throw new Error(`No element found with selector: "${r}"`)}const d=b("input"),m=b("header"),j=b("#msg"),g=b("form"),v=b("#load");let N,D,M,T;document.addEventListener("DOMContentLoaded",async()=>{const r=b("pre[data-i]");if(!r.innerText){d.disabled=!0,S("No encrypted payload.");return}T=Number(r.dataset.i);const e=J.parse(r.innerText);if(N=e.slice(0,32),D=e.slice(32,32+16),M=e.slice(32+16),location.hash){const t=new URL(window.location.href);d.value=t.hash.slice(1),t.hash="",history.replaceState(null,"",t.toString())}sessionStorage.k||d.value?await U():(w(v),x(g),m.classList.replace("hidden","flex"),d.focus())});var A,C;const p=((A=window.crypto)==null?void 0:A.subtle)||((C=window.crypto)==null?void 0:C.webkitSubtle);p||(S("Please use a modern browser."),d.disabled=!0);function x(r){r.classList.remove("hidden")}function w(r){r.classList.add("hidden")}function S(r){j.innerText=r,m.classList.add("red")}g.addEventListener("submit",async r=>{r.preventDefault(),await U()});async function R(r){return new Promise(e=>setTimeout(e,r))}async function U(){v.lastElementChild.innerText="Decrypting...",w(m),w(g),x(v),await R(60);try{const r=await V({salt:N,iv:D,ciphertext:M,iterations:T},d.value);document.write(r),document.close()}catch(r){w(v),x(g),m.classList.replace("hidden","flex"),sessionStorage.k?sessionStorage.removeItem("k"):S("Wrong password."),d.value="",d.focus()}}async function q(r,e,t){const c=new TextEncoder,s=await p.importKey("raw",c.encode(e),"PBKDF2",!1,["deriveKey"]);return await p.deriveKey({name:"PBKDF2",salt:r,iterations:t,hash:"SHA-256"},s,{name:"AES-GCM",length:256},!0,["decrypt"])}async function Q(r){return p.importKey("jwk",r,"AES-GCM",!0,["decrypt"])}async function V({salt:r,iv:e,ciphertext:t,iterations:c},s){const a=new TextDecoder,o=sessionStorage.k?await Q(JSON.parse(sessionStorage.k)):await q(r,s,c),n=new Uint8Array(await p.decrypt({name:"AES-GCM",iv:e},o,t));if(!n)throw"Malformed data";return sessionStorage.k=JSON.stringify(await p.exportKey("jwk",o)),a.decode(n)}</script>
+    <script type="module">var i={};Object.defineProperty(i,"__esModule",{value:!0});function y(r,e,t){var c;if(t===void 0&&(t={}),!e.codes){e.codes={};for(var a=0;a<e.chars.length;++a)e.codes[e.chars[a]]=a}if(!t.loose&&r.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var s=r.length;r[s-1]==="=";)if(--s,!t.loose&&!((r.length-s)*e.bits&7))throw new SyntaxError("Invalid padding");for(var o=new((c=t.out)!=null?c:Uint8Array)(s*e.bits/8|0),n=0,l=0,d=0,u=0;u<s;++u){var E=e.codes[r[u]];if(E===void 0)throw new SyntaxError("Invalid character "+r[u]);l=l<<e.bits|E,n+=e.bits,n>=8&&(n-=8,o[d++]=255&l>>n)}if(n>=e.bits||255&l<<8-n)throw new SyntaxError("Unexpected end of data");return o}function h(r,e,t){t===void 0&&(t={});for(var c=t,a=c.pad,s=a===void 0?!0:a,o=(1<<e.bits)-1,n="",l=0,d=0,u=0;u<r.length;++u)for(d=d<<8|255&r[u],l+=8;l>e.bits;)l-=e.bits,n+=e.chars[o&d>>l];if(l&&(n+=e.chars[o&d<<e.bits-l]),s)for(;n.length*e.bits&7;)n+="=";return n}var L={chars:"0123456789ABCDEF",bits:4},K={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},$={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},P={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},F={parse:function(e,t){return y(e.toUpperCase(),L,t)},stringify:function(e,t){return h(e,L,t)}},I={parse:function(e,t){return t===void 0&&(t={}),y(t.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,K,t)},stringify:function(e,t){return h(e,K,t)}},k={parse:function(e,t){return y(e,O,t)},stringify:function(e,t){return h(e,O,t)}},B={parse:function(e,t){return y(e,$,t)},stringify:function(e,t){return h(e,$,t)}},G={parse:function(e,t){return y(e,P,t)},stringify:function(e,t){return h(e,P,t)}},H={parse:y,stringify:h};i.base16=F;i.base32=I;i.base32hex=k;i.base64=B;i.base64url=G;i.codec=H;i.base16;i.base32;i.base32hex;const J=i.base64;i.base64url;i.codec;function b(r){const e=document.querySelector(r);if(e)return e;throw new Error(`No element found with selector: "${r}"`)}const f=b("input"),m=b("header"),j=b("#msg"),g=b("form"),v=b("#load");let N,D,M,T;document.addEventListener("DOMContentLoaded",async()=>{const r=b("pre[data-i]");if(!r.innerText){f.disabled=!0,S("No encrypted payload.");return}T=Number(r.dataset.i);const e=J.parse(r.innerText);if(N=e.slice(0,32),D=e.slice(32,32+16),M=e.slice(32+16),location.hash){const t=new URL(window.location.href);f.value=t.hash.slice(1),t.hash="",history.replaceState(null,"",t.toString())}localStorage.k||f.value?await U():(w(v),x(g),m.classList.replace("hidden","flex"),f.focus())});var A,C;const p=((A=window.crypto)==null?void 0:A.subtle)||((C=window.crypto)==null?void 0:C.webkitSubtle);p||(S("Please use a modern browser."),f.disabled=!0);function x(r){r.classList.remove("hidden")}function w(r){r.classList.add("hidden")}function S(r){j.innerText=r,m.classList.add("red")}g.addEventListener("submit",async r=>{r.preventDefault(),await U()});async function R(r){return new Promise(e=>setTimeout(e,r))}async function U(){v.lastElementChild.innerText="Decrypting...",w(m),w(g),x(v),await R(60);try{const r=await V({salt:N,iv:D,ciphertext:M,iterations:T},f.value);document.write(r),document.close()}catch(r){w(v),x(g),m.classList.replace("hidden","flex"),localStorage.k?localStorage.removeItem("k"):S("Wrong password."),f.value="",f.focus()}}async function q(r,e,t){const c=new TextEncoder,a=await p.importKey("raw",c.encode(e),"PBKDF2",!1,["deriveKey"]);return await p.deriveKey({name:"PBKDF2",salt:r,iterations:t,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["decrypt"])}async function Q(r){return p.importKey("jwk",r,"AES-GCM",!0,["decrypt"])}async function V({salt:r,iv:e,ciphertext:t,iterations:c},a){const s=new TextDecoder,o=localStorage.k?await Q(JSON.parse(localStorage.k)):await q(r,a,c),n=new Uint8Array(await p.decrypt({name:"AES-GCM",iv:e},o,t));if(!n)throw"Malformed data";return localStorage.k=JSON.stringify(await p.exportKey("jwk",o)),s.decode(n)}</script>
     <style>*,:before,:after{box-sizing:border-box;border:0}html{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif}body{margin:0;line-height:inherit}a{color:inherit;text-decoration:inherit}button,input{font-family:inherit;font-size:100%;line-height:inherit;color:inherit;margin:0;padding:0}button{text-transform:none}button,[type=button],[type=reset],[type=submit]{-webkit-appearance:button}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}p{margin:0}input::-moz-placeholder,input:-ms-input-placeholder,input::placeholder{opacity:1}:disabled{cursor:default}svg{display:block;vertical-align:middle}img,video{max-width:100%;height:auto}[hidden]{display:none}:root{--gray-800: #292524;--gray-700: #433f3b}html,body{color:#fff;font-weight:300}main{background:#000;height:100vh;letter-spacing:.025em;padding:4rem 1rem 1rem}.box{max-width:24rem;width:100%;background:var(--gray-800);padding:1rem;border-radius:.125rem;margin:0 auto;height:170px}header{align-items:center;margin-bottom:1rem;gap:.5rem}#pwd{font-weight:200;border-radius:.125rem;background:var(--gray-800);border:1px solid var(--gray-700);padding:.5rem 1rem;width:100%;color:#fff}#pwd:focus{outline:2px solid transparent;outline-offset:2px}.hidden{display:none!important}.flex{display:flex}#load{display:flex;align-items:center;justify-content:center;height:100%}.red{color:#dc2626}.spinner{pointer-events:none;width:1.5rem;height:1.5rem;border:3px solid transparent;border-color:#fff;border-right-width:2px;border-radius:50%;-webkit-animation:spin .5s linear infinite;animation:spin .5s linear infinite;margin-right:.5rem}#load p:last-child{font-size:1.125rem;line-height:1.75rem}[type=submit]{border-radius:.125rem;color:#000;background:#fff;width:100%;padding:.5rem 0;margin-top:1rem;cursor:pointer}@keyframes spin{to{transform:rotate(360deg)}}#locked{width:1.5rem;height:1.5rem}#msg{font-size:.875rem;line-height:1.25rem}@media (min-width: 475px){main{padding-top:10rem}#msg,a{font-size:1rem;line-height:1.5rem}}</style>
 </head>
 <body>
diff --git a/web/decrypt.ts b/web/decrypt.ts
index 080ba62..0d2ea48 100644
--- a/web/decrypt.ts
+++ b/web/decrypt.ts
@@ -44,7 +44,7 @@ document.addEventListener('DOMContentLoaded', async () => {
         history.replaceState(null, '', url.toString())
     }
 
-    if (sessionStorage.k || pwd.value) {
+    if (localStorage.k || pwd.value) {
         await decrypt()
     } else {
         hide(load)
@@ -107,9 +107,9 @@ async function decrypt() {
         show(form)
         header.classList.replace('hidden', 'flex')
 
-        if (sessionStorage.k) {
+        if (localStorage.k) {
             // Delete invalid key
-            sessionStorage.removeItem('k')
+            localStorage.removeItem('k')
         } else {
             // Only show when user actually entered a password themselves.
             error('Wrong password.')
@@ -162,8 +162,8 @@ async function decryptFile(
 ) {
     const decoder = new TextDecoder()
 
-    const key = sessionStorage.k
-        ? await importKey(JSON.parse(sessionStorage.k))
+    const key = localStorage.k
+        ? await importKey(JSON.parse(localStorage.k))
         : await deriveKey(salt, password, iterations)
 
     const data = new Uint8Array(
@@ -172,7 +172,7 @@ async function decryptFile(
     if (!data) throw 'Malformed data'
 
     // If no exception were thrown, decryption succeded and we can save the key.
-    sessionStorage.k = JSON.stringify(await subtle.exportKey('jwk', key))
+    localStorage.k = JSON.stringify(await subtle.exportKey('jwk', key))
 
     return decoder.decode(data)
 }

From 4d1eb0ea173976c6b09a5e0fc2093d9f49b72503 Mon Sep 17 00:00:00 2001
From: Souradip Mookerjee <sm2030@cam.ac.uk>
Date: Sat, 19 Aug 2023 23:49:21 +0100
Subject: [PATCH 2/7] add consistent password to decrypt whole site

---
 package.json              |  2 +-
 src/decrypt-template.html |  2 +-
 test/package.json         |  3 +++
 web/decrypt.ts            | 23 ++++++++++++++++++-----
 4 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/package.json b/package.json
index 385ea37..6ed3be5 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "pagecrypt",
-    "version": "6.1.1",
+    "version": "6.1.2",
     "description": "Easily add client-side password-protection to your Single Page Applications and HTML files.",
     "main": "src/index.ts",
     "type": "module",
diff --git a/src/decrypt-template.html b/src/decrypt-template.html
index d9368c7..f9ac2ea 100644
--- a/src/decrypt-template.html
+++ b/src/decrypt-template.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="robots" content="noindex, nofollow">
     <title>Protected Page</title>
-    <script type="module">var i={};Object.defineProperty(i,"__esModule",{value:!0});function y(r,e,t){var c;if(t===void 0&&(t={}),!e.codes){e.codes={};for(var a=0;a<e.chars.length;++a)e.codes[e.chars[a]]=a}if(!t.loose&&r.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var s=r.length;r[s-1]==="=";)if(--s,!t.loose&&!((r.length-s)*e.bits&7))throw new SyntaxError("Invalid padding");for(var o=new((c=t.out)!=null?c:Uint8Array)(s*e.bits/8|0),n=0,l=0,d=0,u=0;u<s;++u){var E=e.codes[r[u]];if(E===void 0)throw new SyntaxError("Invalid character "+r[u]);l=l<<e.bits|E,n+=e.bits,n>=8&&(n-=8,o[d++]=255&l>>n)}if(n>=e.bits||255&l<<8-n)throw new SyntaxError("Unexpected end of data");return o}function h(r,e,t){t===void 0&&(t={});for(var c=t,a=c.pad,s=a===void 0?!0:a,o=(1<<e.bits)-1,n="",l=0,d=0,u=0;u<r.length;++u)for(d=d<<8|255&r[u],l+=8;l>e.bits;)l-=e.bits,n+=e.chars[o&d>>l];if(l&&(n+=e.chars[o&d<<e.bits-l]),s)for(;n.length*e.bits&7;)n+="=";return n}var L={chars:"0123456789ABCDEF",bits:4},K={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},$={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},P={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},F={parse:function(e,t){return y(e.toUpperCase(),L,t)},stringify:function(e,t){return h(e,L,t)}},I={parse:function(e,t){return t===void 0&&(t={}),y(t.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,K,t)},stringify:function(e,t){return h(e,K,t)}},k={parse:function(e,t){return y(e,O,t)},stringify:function(e,t){return h(e,O,t)}},B={parse:function(e,t){return y(e,$,t)},stringify:function(e,t){return h(e,$,t)}},G={parse:function(e,t){return y(e,P,t)},stringify:function(e,t){return h(e,P,t)}},H={parse:y,stringify:h};i.base16=F;i.base32=I;i.base32hex=k;i.base64=B;i.base64url=G;i.codec=H;i.base16;i.base32;i.base32hex;const J=i.base64;i.base64url;i.codec;function b(r){const e=document.querySelector(r);if(e)return e;throw new Error(`No element found with selector: "${r}"`)}const f=b("input"),m=b("header"),j=b("#msg"),g=b("form"),v=b("#load");let N,D,M,T;document.addEventListener("DOMContentLoaded",async()=>{const r=b("pre[data-i]");if(!r.innerText){f.disabled=!0,S("No encrypted payload.");return}T=Number(r.dataset.i);const e=J.parse(r.innerText);if(N=e.slice(0,32),D=e.slice(32,32+16),M=e.slice(32+16),location.hash){const t=new URL(window.location.href);f.value=t.hash.slice(1),t.hash="",history.replaceState(null,"",t.toString())}localStorage.k||f.value?await U():(w(v),x(g),m.classList.replace("hidden","flex"),f.focus())});var A,C;const p=((A=window.crypto)==null?void 0:A.subtle)||((C=window.crypto)==null?void 0:C.webkitSubtle);p||(S("Please use a modern browser."),f.disabled=!0);function x(r){r.classList.remove("hidden")}function w(r){r.classList.add("hidden")}function S(r){j.innerText=r,m.classList.add("red")}g.addEventListener("submit",async r=>{r.preventDefault(),await U()});async function R(r){return new Promise(e=>setTimeout(e,r))}async function U(){v.lastElementChild.innerText="Decrypting...",w(m),w(g),x(v),await R(60);try{const r=await V({salt:N,iv:D,ciphertext:M,iterations:T},f.value);document.write(r),document.close()}catch(r){w(v),x(g),m.classList.replace("hidden","flex"),localStorage.k?localStorage.removeItem("k"):S("Wrong password."),f.value="",f.focus()}}async function q(r,e,t){const c=new TextEncoder,a=await p.importKey("raw",c.encode(e),"PBKDF2",!1,["deriveKey"]);return await p.deriveKey({name:"PBKDF2",salt:r,iterations:t,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["decrypt"])}async function Q(r){return p.importKey("jwk",r,"AES-GCM",!0,["decrypt"])}async function V({salt:r,iv:e,ciphertext:t,iterations:c},a){const s=new TextDecoder,o=localStorage.k?await Q(JSON.parse(localStorage.k)):await q(r,a,c),n=new Uint8Array(await p.decrypt({name:"AES-GCM",iv:e},o,t));if(!n)throw"Malformed data";return localStorage.k=JSON.stringify(await p.exportKey("jwk",o)),s.decode(n)}</script>
+    <script type="module">var c={};Object.defineProperty(c,"__esModule",{value:!0});function y(t,e,r){var n;if(r===void 0&&(r={}),!e.codes){e.codes={};for(var a=0;a<e.chars.length;++a)e.codes[e.chars[a]]=a}if(!r.loose&&t.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var s=t.length;t[s-1]==="=";)if(--s,!r.loose&&!((t.length-s)*e.bits&7))throw new SyntaxError("Invalid padding");for(var l=new((n=r.out)!=null?n:Uint8Array)(s*e.bits/8|0),i=0,o=0,u=0,f=0;f<s;++f){var E=e.codes[t[f]];if(E===void 0)throw new SyntaxError("Invalid character "+t[f]);o=o<<e.bits|E,i+=e.bits,i>=8&&(i-=8,l[u++]=255&o>>i)}if(i>=e.bits||255&o<<8-i)throw new SyntaxError("Unexpected end of data");return l}function h(t,e,r){r===void 0&&(r={});for(var n=r,a=n.pad,s=a===void 0?!0:a,l=(1<<e.bits)-1,i="",o=0,u=0,f=0;f<t.length;++f)for(u=u<<8|255&t[f],o+=8;o>e.bits;)o-=e.bits,i+=e.chars[l&u>>o];if(o&&(i+=e.chars[l&u<<e.bits-o]),s)for(;i.length*e.bits&7;)i+="=";return i}var L={chars:"0123456789ABCDEF",bits:4},I={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},K={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},$={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},U={parse:function(e,r){return y(e.toUpperCase(),L,r)},stringify:function(e,r){return h(e,L,r)}},F={parse:function(e,r){return r===void 0&&(r={}),y(r.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,I,r)},stringify:function(e,r){return h(e,I,r)}},k={parse:function(e,r){return y(e,O,r)},stringify:function(e,r){return h(e,O,r)}},B={parse:function(e,r){return y(e,K,r)},stringify:function(e,r){return h(e,K,r)}},G={parse:function(e,r){return y(e,$,r)},stringify:function(e,r){return h(e,$,r)}},H={parse:y,stringify:h};c.base16=U;c.base32=F;c.base32hex=k;c.base64=B;c.base64url=G;c.codec=H;c.base16;c.base32;c.base32hex;const J=c.base64;c.base64url;c.codec;function b(t){const e=document.querySelector(t);if(e)return e;throw new Error(`No element found with selector: "${t}"`)}const d=b("input"),m=b("header"),j=b("#msg"),g=b("form"),v=b("#load");let C,N,D,M;document.addEventListener("DOMContentLoaded",async()=>{const t=b("pre[data-i]");if(!t.innerText){d.disabled=!0,x("No encrypted payload.");return}M=Number(t.dataset.i);const e=J.parse(t.innerText);if(C=e.slice(0,32),N=e.slice(32,32+16),D=e.slice(32+16),location.hash){const n=new URL(window.location.href);d.value=n.hash.slice(1),n.hash="",history.replaceState(null,"",n.toString())}const r=localStorage.getItem("pwd");r&&(d.value=r),localStorage.getItem("k")||d.value?await T():(w(v),S(g),m.classList.replace("hidden","flex"),d.focus())});var P,A;const p=((P=window.crypto)==null?void 0:P.subtle)||((A=window.crypto)==null?void 0:A.webkitSubtle);p||(x("Please use a modern browser."),d.disabled=!0);function S(t){t.classList.remove("hidden")}function w(t){t.classList.add("hidden")}function x(t){j.innerText=t,m.classList.add("red")}g.addEventListener("submit",async t=>{t.preventDefault(),await T()});async function R(t){return new Promise(e=>setTimeout(e,t))}async function T(){v.lastElementChild.innerText="Decrypting...",w(m),w(g),S(v),await R(60);try{const t=await V({salt:C,iv:N,ciphertext:D,iterations:M},d.value);document.write(t),document.close()}catch(t){w(v),S(g),m.classList.replace("hidden","flex"),localStorage.getItem("pwd")&&localStorage.removeItem("pwd"),localStorage.getItem("k")?localStorage.removeItem("k"):x("Wrong password."),d.value="",d.focus()}}async function q(t,e,r){const n=new TextEncoder,a=await p.importKey("raw",n.encode(e),"PBKDF2",!1,["deriveKey"]);return await p.deriveKey({name:"PBKDF2",salt:t,iterations:r,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["decrypt"])}async function Q(t){return p.importKey("jwk",t,"AES-GCM",!0,["decrypt"])}async function V({salt:t,iv:e,ciphertext:r,iterations:n},a){const s=new TextDecoder;let l=localStorage.getItem("k");const i=l?await Q(JSON.parse(l)):await q(t,a,n),o=new Uint8Array(await p.decrypt({name:"AES-GCM",iv:e},i,r));if(!o)throw"Malformed data";return localStorage.setItem("k",JSON.stringify(await p.exportKey("jwk",i))),localStorage.setItem("pwd",a),s.decode(o)}</script>
     <style>*,:before,:after{box-sizing:border-box;border:0}html{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif}body{margin:0;line-height:inherit}a{color:inherit;text-decoration:inherit}button,input{font-family:inherit;font-size:100%;line-height:inherit;color:inherit;margin:0;padding:0}button{text-transform:none}button,[type=button],[type=reset],[type=submit]{-webkit-appearance:button}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}p{margin:0}input::-moz-placeholder,input:-ms-input-placeholder,input::placeholder{opacity:1}:disabled{cursor:default}svg{display:block;vertical-align:middle}img,video{max-width:100%;height:auto}[hidden]{display:none}:root{--gray-800: #292524;--gray-700: #433f3b}html,body{color:#fff;font-weight:300}main{background:#000;height:100vh;letter-spacing:.025em;padding:4rem 1rem 1rem}.box{max-width:24rem;width:100%;background:var(--gray-800);padding:1rem;border-radius:.125rem;margin:0 auto;height:170px}header{align-items:center;margin-bottom:1rem;gap:.5rem}#pwd{font-weight:200;border-radius:.125rem;background:var(--gray-800);border:1px solid var(--gray-700);padding:.5rem 1rem;width:100%;color:#fff}#pwd:focus{outline:2px solid transparent;outline-offset:2px}.hidden{display:none!important}.flex{display:flex}#load{display:flex;align-items:center;justify-content:center;height:100%}.red{color:#dc2626}.spinner{pointer-events:none;width:1.5rem;height:1.5rem;border:3px solid transparent;border-color:#fff;border-right-width:2px;border-radius:50%;-webkit-animation:spin .5s linear infinite;animation:spin .5s linear infinite;margin-right:.5rem}#load p:last-child{font-size:1.125rem;line-height:1.75rem}[type=submit]{border-radius:.125rem;color:#000;background:#fff;width:100%;padding:.5rem 0;margin-top:1rem;cursor:pointer}@keyframes spin{to{transform:rotate(360deg)}}#locked{width:1.5rem;height:1.5rem}#msg{font-size:.875rem;line-height:1.25rem}@media (min-width: 475px){main{padding-top:10rem}#msg,a{font-size:1rem;line-height:1.5rem}}</style>
 </head>
 <body>
diff --git a/test/package.json b/test/package.json
index f53a93c..80d5767 100644
--- a/test/package.json
+++ b/test/package.json
@@ -10,5 +10,8 @@
         "test:cli-iterations": "pagecrypt test.html out-cli-iterations.html eRx1sD0LrHTNubycv1IYgyNqU3Qc9GKPGcl3XT63JG7djgMxU9etkVNcK5Hak5GWDzm4mx6AQFlpOPsY --iterations 3e6",
         "test:cli-gen-iterations": "pagecrypt test.html out-cli-gen-iterations.html eRx1sD0LrHTNubycv1IYgyNqU3Qc9GKPGcl3XT63JG7djgMxU9etkVNcK5Hak5GWDzm4mx6AQFlpOPsY --generate-password 59 --iterations 2500000",
         "test:verify": "vite"
+    },
+    "dependencies": {
+        "pagecrypt": "file:../dist/pagecrypt-6.1.2.tgz"
     }
 }
diff --git a/web/decrypt.ts b/web/decrypt.ts
index 0d2ea48..7f2bb46 100644
--- a/web/decrypt.ts
+++ b/web/decrypt.ts
@@ -44,7 +44,12 @@ document.addEventListener('DOMContentLoaded', async () => {
         history.replaceState(null, '', url.toString())
     }
 
-    if (localStorage.k || pwd.value) {
+    const pwdOld = localStorage.getItem("pwd")
+    if (pwdOld) {
+        pwd.value = pwdOld
+    }
+
+    if (localStorage.getItem("k") || pwd.value) {
         await decrypt()
     } else {
         hide(load)
@@ -107,7 +112,12 @@ async function decrypt() {
         show(form)
         header.classList.replace('hidden', 'flex')
 
-        if (localStorage.k) {
+        if(localStorage.getItem('pwd')) {
+            // Delete invalid password
+            localStorage.removeItem('pwd')
+        }
+
+        if (localStorage.getItem('k')) {
             // Delete invalid key
             localStorage.removeItem('k')
         } else {
@@ -162,8 +172,10 @@ async function decryptFile(
 ) {
     const decoder = new TextDecoder()
 
-    const key = localStorage.k
-        ? await importKey(JSON.parse(localStorage.k))
+    let k = localStorage.getItem("k")
+
+    const key = k
+        ? await importKey(JSON.parse(k))
         : await deriveKey(salt, password, iterations)
 
     const data = new Uint8Array(
@@ -172,7 +184,8 @@ async function decryptFile(
     if (!data) throw 'Malformed data'
 
     // If no exception were thrown, decryption succeded and we can save the key.
-    localStorage.k = JSON.stringify(await subtle.exportKey('jwk', key))
+    localStorage.setItem("k", JSON.stringify(await subtle.exportKey('jwk', key)))
+    localStorage.setItem("pwd", password)
 
     return decoder.decode(data)
 }

From 9ff426da699aa0fe711bd08f579a4803f5646d5f Mon Sep 17 00:00:00 2001
From: Souradip Mookerjee <sm2030@cam.ac.uk>
Date: Sun, 20 Aug 2023 00:14:01 +0100
Subject: [PATCH 3/7] allow for a full website to be crypted

---
 package.json              |  2 +-
 src/decrypt-template.html |  2 +-
 test/package.json         |  2 +-
 web/decrypt.ts            | 13 ++++++-------
 4 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/package.json b/package.json
index 6ed3be5..520bf0b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "pagecrypt",
-    "version": "6.1.2",
+    "version": "6.1.3",
     "description": "Easily add client-side password-protection to your Single Page Applications and HTML files.",
     "main": "src/index.ts",
     "type": "module",
diff --git a/src/decrypt-template.html b/src/decrypt-template.html
index f9ac2ea..312a17b 100644
--- a/src/decrypt-template.html
+++ b/src/decrypt-template.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="robots" content="noindex, nofollow">
     <title>Protected Page</title>
-    <script type="module">var c={};Object.defineProperty(c,"__esModule",{value:!0});function y(t,e,r){var n;if(r===void 0&&(r={}),!e.codes){e.codes={};for(var a=0;a<e.chars.length;++a)e.codes[e.chars[a]]=a}if(!r.loose&&t.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var s=t.length;t[s-1]==="=";)if(--s,!r.loose&&!((t.length-s)*e.bits&7))throw new SyntaxError("Invalid padding");for(var l=new((n=r.out)!=null?n:Uint8Array)(s*e.bits/8|0),i=0,o=0,u=0,f=0;f<s;++f){var E=e.codes[t[f]];if(E===void 0)throw new SyntaxError("Invalid character "+t[f]);o=o<<e.bits|E,i+=e.bits,i>=8&&(i-=8,l[u++]=255&o>>i)}if(i>=e.bits||255&o<<8-i)throw new SyntaxError("Unexpected end of data");return l}function h(t,e,r){r===void 0&&(r={});for(var n=r,a=n.pad,s=a===void 0?!0:a,l=(1<<e.bits)-1,i="",o=0,u=0,f=0;f<t.length;++f)for(u=u<<8|255&t[f],o+=8;o>e.bits;)o-=e.bits,i+=e.chars[l&u>>o];if(o&&(i+=e.chars[l&u<<e.bits-o]),s)for(;i.length*e.bits&7;)i+="=";return i}var L={chars:"0123456789ABCDEF",bits:4},I={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},K={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},$={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},U={parse:function(e,r){return y(e.toUpperCase(),L,r)},stringify:function(e,r){return h(e,L,r)}},F={parse:function(e,r){return r===void 0&&(r={}),y(r.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,I,r)},stringify:function(e,r){return h(e,I,r)}},k={parse:function(e,r){return y(e,O,r)},stringify:function(e,r){return h(e,O,r)}},B={parse:function(e,r){return y(e,K,r)},stringify:function(e,r){return h(e,K,r)}},G={parse:function(e,r){return y(e,$,r)},stringify:function(e,r){return h(e,$,r)}},H={parse:y,stringify:h};c.base16=U;c.base32=F;c.base32hex=k;c.base64=B;c.base64url=G;c.codec=H;c.base16;c.base32;c.base32hex;const J=c.base64;c.base64url;c.codec;function b(t){const e=document.querySelector(t);if(e)return e;throw new Error(`No element found with selector: "${t}"`)}const d=b("input"),m=b("header"),j=b("#msg"),g=b("form"),v=b("#load");let C,N,D,M;document.addEventListener("DOMContentLoaded",async()=>{const t=b("pre[data-i]");if(!t.innerText){d.disabled=!0,x("No encrypted payload.");return}M=Number(t.dataset.i);const e=J.parse(t.innerText);if(C=e.slice(0,32),N=e.slice(32,32+16),D=e.slice(32+16),location.hash){const n=new URL(window.location.href);d.value=n.hash.slice(1),n.hash="",history.replaceState(null,"",n.toString())}const r=localStorage.getItem("pwd");r&&(d.value=r),localStorage.getItem("k")||d.value?await T():(w(v),S(g),m.classList.replace("hidden","flex"),d.focus())});var P,A;const p=((P=window.crypto)==null?void 0:P.subtle)||((A=window.crypto)==null?void 0:A.webkitSubtle);p||(x("Please use a modern browser."),d.disabled=!0);function S(t){t.classList.remove("hidden")}function w(t){t.classList.add("hidden")}function x(t){j.innerText=t,m.classList.add("red")}g.addEventListener("submit",async t=>{t.preventDefault(),await T()});async function R(t){return new Promise(e=>setTimeout(e,t))}async function T(){v.lastElementChild.innerText="Decrypting...",w(m),w(g),S(v),await R(60);try{const t=await V({salt:C,iv:N,ciphertext:D,iterations:M},d.value);document.write(t),document.close()}catch(t){w(v),S(g),m.classList.replace("hidden","flex"),localStorage.getItem("pwd")&&localStorage.removeItem("pwd"),localStorage.getItem("k")?localStorage.removeItem("k"):x("Wrong password."),d.value="",d.focus()}}async function q(t,e,r){const n=new TextEncoder,a=await p.importKey("raw",n.encode(e),"PBKDF2",!1,["deriveKey"]);return await p.deriveKey({name:"PBKDF2",salt:t,iterations:r,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["decrypt"])}async function Q(t){return p.importKey("jwk",t,"AES-GCM",!0,["decrypt"])}async function V({salt:t,iv:e,ciphertext:r,iterations:n},a){const s=new TextDecoder;let l=localStorage.getItem("k");const i=l?await Q(JSON.parse(l)):await q(t,a,n),o=new Uint8Array(await p.decrypt({name:"AES-GCM",iv:e},i,r));if(!o)throw"Malformed data";return localStorage.setItem("k",JSON.stringify(await p.exportKey("jwk",i))),localStorage.setItem("pwd",a),s.decode(o)}</script>
+    <script type="module">var o={};Object.defineProperty(o,"__esModule",{value:!0});function p(t,e,r){var n;if(r===void 0&&(r={}),!e.codes){e.codes={};for(var a=0;a<e.chars.length;++a)e.codes[e.chars[a]]=a}if(!r.loose&&t.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var s=t.length;t[s-1]==="=";)if(--s,!r.loose&&!((t.length-s)*e.bits&7))throw new SyntaxError("Invalid padding");for(var c=new((n=r.out)!=null?n:Uint8Array)(s*e.bits/8|0),i=0,l=0,u=0,f=0;f<s;++f){var E=e.codes[t[f]];if(E===void 0)throw new SyntaxError("Invalid character "+t[f]);l=l<<e.bits|E,i+=e.bits,i>=8&&(i-=8,c[u++]=255&l>>i)}if(i>=e.bits||255&l<<8-i)throw new SyntaxError("Unexpected end of data");return c}function h(t,e,r){r===void 0&&(r={});for(var n=r,a=n.pad,s=a===void 0?!0:a,c=(1<<e.bits)-1,i="",l=0,u=0,f=0;f<t.length;++f)for(u=u<<8|255&t[f],l+=8;l>e.bits;)l-=e.bits,i+=e.chars[c&u>>l];if(l&&(i+=e.chars[c&u<<e.bits-l]),s)for(;i.length*e.bits&7;)i+="=";return i}var L={chars:"0123456789ABCDEF",bits:4},I={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},$={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},P={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},N={parse:function(e,r){return p(e.toUpperCase(),L,r)},stringify:function(e,r){return h(e,L,r)}},F={parse:function(e,r){return r===void 0&&(r={}),p(r.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,I,r)},stringify:function(e,r){return h(e,I,r)}},B={parse:function(e,r){return p(e,O,r)},stringify:function(e,r){return h(e,O,r)}},G={parse:function(e,r){return p(e,$,r)},stringify:function(e,r){return h(e,$,r)}},H={parse:function(e,r){return p(e,P,r)},stringify:function(e,r){return h(e,P,r)}},R={parse:p,stringify:h};o.base16=N;o.base32=F;o.base32hex=B;o.base64=G;o.base64url=H;o.codec=R;o.base16;o.base32;o.base32hex;const q=o.base64;o.base64url;o.codec;function b(t){const e=document.querySelector(t);if(e)return e;throw new Error(`No element found with selector: "${t}"`)}const d=b("input"),w=b("header"),J=b("#msg"),m=b("form"),y=b("#load");let C,D,T,U;document.addEventListener("DOMContentLoaded",async()=>{const t=b("pre[data-i]");if(!t.innerText){d.disabled=!0,S("No encrypted payload.");return}U=Number(t.dataset.i);const e=q.parse(t.innerText);C=e.slice(0,32),D=e.slice(32,32+16),T=e.slice(32+16);const r=localStorage.getItem("pwd");if(r&&(d.value=r),location.hash){const n=new URL(window.location.href);d.value=n.hash.slice(1),n.hash="",history.replaceState(null,"",n.toString())}localStorage.getItem("k")||d.value?await M():(v(y),x(m),w.classList.replace("hidden","flex"),d.focus())});var K,A;const g=((K=window.crypto)==null?void 0:K.subtle)||((A=window.crypto)==null?void 0:A.webkitSubtle);g||(S("Please use a modern browser."),d.disabled=!0);function x(t){t.classList.remove("hidden")}function v(t){t.classList.add("hidden")}function S(t){J.innerText=t,w.classList.add("red")}m.addEventListener("submit",async t=>{t.preventDefault(),await M()});async function Q(t){return new Promise(e=>setTimeout(e,t))}async function M(){y.lastElementChild.innerText="Decrypting...",v(w),v(m),x(y),await Q(60);try{const t=await W({salt:C,iv:D,ciphertext:T,iterations:U},d.value);document.write(t),document.close()}catch(t){v(y),x(m),w.classList.replace("hidden","flex"),localStorage.getItem("pwd")&&localStorage.removeItem("pwd"),localStorage.getItem("k")?localStorage.removeItem("k"):S("Wrong password."),d.value="",d.focus()}}async function V(t,e,r){const n=new TextEncoder,a=await g.importKey("raw",n.encode(e),"PBKDF2",!1,["deriveKey"]);return await g.deriveKey({name:"PBKDF2",salt:t,iterations:r,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["decrypt"])}async function W({salt:t,iv:e,ciphertext:r,iterations:n},a){const s=new TextDecoder,c=await V(t,a,n),i=new Uint8Array(await g.decrypt({name:"AES-GCM",iv:e},c,r));if(!i)throw"Malformed data";return localStorage.setItem("pwd",a),s.decode(i)}</script>
     <style>*,:before,:after{box-sizing:border-box;border:0}html{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif}body{margin:0;line-height:inherit}a{color:inherit;text-decoration:inherit}button,input{font-family:inherit;font-size:100%;line-height:inherit;color:inherit;margin:0;padding:0}button{text-transform:none}button,[type=button],[type=reset],[type=submit]{-webkit-appearance:button}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}p{margin:0}input::-moz-placeholder,input:-ms-input-placeholder,input::placeholder{opacity:1}:disabled{cursor:default}svg{display:block;vertical-align:middle}img,video{max-width:100%;height:auto}[hidden]{display:none}:root{--gray-800: #292524;--gray-700: #433f3b}html,body{color:#fff;font-weight:300}main{background:#000;height:100vh;letter-spacing:.025em;padding:4rem 1rem 1rem}.box{max-width:24rem;width:100%;background:var(--gray-800);padding:1rem;border-radius:.125rem;margin:0 auto;height:170px}header{align-items:center;margin-bottom:1rem;gap:.5rem}#pwd{font-weight:200;border-radius:.125rem;background:var(--gray-800);border:1px solid var(--gray-700);padding:.5rem 1rem;width:100%;color:#fff}#pwd:focus{outline:2px solid transparent;outline-offset:2px}.hidden{display:none!important}.flex{display:flex}#load{display:flex;align-items:center;justify-content:center;height:100%}.red{color:#dc2626}.spinner{pointer-events:none;width:1.5rem;height:1.5rem;border:3px solid transparent;border-color:#fff;border-right-width:2px;border-radius:50%;-webkit-animation:spin .5s linear infinite;animation:spin .5s linear infinite;margin-right:.5rem}#load p:last-child{font-size:1.125rem;line-height:1.75rem}[type=submit]{border-radius:.125rem;color:#000;background:#fff;width:100%;padding:.5rem 0;margin-top:1rem;cursor:pointer}@keyframes spin{to{transform:rotate(360deg)}}#locked{width:1.5rem;height:1.5rem}#msg{font-size:.875rem;line-height:1.25rem}@media (min-width: 475px){main{padding-top:10rem}#msg,a{font-size:1rem;line-height:1.5rem}}</style>
 </head>
 <body>
diff --git a/test/package.json b/test/package.json
index 80d5767..5b7a3b0 100644
--- a/test/package.json
+++ b/test/package.json
@@ -12,6 +12,6 @@
         "test:verify": "vite"
     },
     "dependencies": {
-        "pagecrypt": "file:../dist/pagecrypt-6.1.2.tgz"
+        "pagecrypt": "file:../dist/pagecrypt-6.1.3.tgz"
     }
 }
diff --git a/web/decrypt.ts b/web/decrypt.ts
index 7f2bb46..f583ccd 100644
--- a/web/decrypt.ts
+++ b/web/decrypt.ts
@@ -28,6 +28,10 @@ document.addEventListener('DOMContentLoaded', async () => {
     iv = bytes.slice(32, 32 + 16)
     ciphertext = bytes.slice(32 + 16)
 
+    const pwdOld = localStorage.getItem("pwd")
+    if (pwdOld) {
+        pwd.value = pwdOld
+    }
     /**
      * Allow passwords to be automatically provided via the URI Fragment.
      * This greatly improves UX by clicking links instead of having to copy and paste the password manually.
@@ -44,11 +48,6 @@ document.addEventListener('DOMContentLoaded', async () => {
         history.replaceState(null, '', url.toString())
     }
 
-    const pwdOld = localStorage.getItem("pwd")
-    if (pwdOld) {
-        pwd.value = pwdOld
-    }
-
     if (localStorage.getItem("k") || pwd.value) {
         await decrypt()
     } else {
@@ -172,7 +171,7 @@ async function decryptFile(
 ) {
     const decoder = new TextDecoder()
 
-    let k = localStorage.getItem("k")
+    let k = null; // localStorage.getItem("k")
 
     const key = k
         ? await importKey(JSON.parse(k))
@@ -184,7 +183,7 @@ async function decryptFile(
     if (!data) throw 'Malformed data'
 
     // If no exception were thrown, decryption succeded and we can save the key.
-    localStorage.setItem("k", JSON.stringify(await subtle.exportKey('jwk', key)))
+    // localStorage.setItem("k", JSON.stringify(await subtle.exportKey('jwk', key)))
     localStorage.setItem("pwd", password)
 
     return decoder.decode(data)

From 3c1a8c29cb003f88e25c7bbd12734c0907ca763a Mon Sep 17 00:00:00 2001
From: Souradip Mookerjee <sm2030@cam.ac.uk>
Date: Sun, 20 Aug 2023 00:20:37 +0100
Subject: [PATCH 4/7] performance boost through caching key by url

---
 package.json              |  2 +-
 src/decrypt-template.html |  2 +-
 test/package.json         |  2 +-
 web/decrypt.ts            | 12 +++++-------
 4 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/package.json b/package.json
index 520bf0b..3dd16ab 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "pagecrypt",
-    "version": "6.1.3",
+    "version": "6.2.0",
     "description": "Easily add client-side password-protection to your Single Page Applications and HTML files.",
     "main": "src/index.ts",
     "type": "module",
diff --git a/src/decrypt-template.html b/src/decrypt-template.html
index 312a17b..dece625 100644
--- a/src/decrypt-template.html
+++ b/src/decrypt-template.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="robots" content="noindex, nofollow">
     <title>Protected Page</title>
-    <script type="module">var o={};Object.defineProperty(o,"__esModule",{value:!0});function p(t,e,r){var n;if(r===void 0&&(r={}),!e.codes){e.codes={};for(var a=0;a<e.chars.length;++a)e.codes[e.chars[a]]=a}if(!r.loose&&t.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var s=t.length;t[s-1]==="=";)if(--s,!r.loose&&!((t.length-s)*e.bits&7))throw new SyntaxError("Invalid padding");for(var c=new((n=r.out)!=null?n:Uint8Array)(s*e.bits/8|0),i=0,l=0,u=0,f=0;f<s;++f){var E=e.codes[t[f]];if(E===void 0)throw new SyntaxError("Invalid character "+t[f]);l=l<<e.bits|E,i+=e.bits,i>=8&&(i-=8,c[u++]=255&l>>i)}if(i>=e.bits||255&l<<8-i)throw new SyntaxError("Unexpected end of data");return c}function h(t,e,r){r===void 0&&(r={});for(var n=r,a=n.pad,s=a===void 0?!0:a,c=(1<<e.bits)-1,i="",l=0,u=0,f=0;f<t.length;++f)for(u=u<<8|255&t[f],l+=8;l>e.bits;)l-=e.bits,i+=e.chars[c&u>>l];if(l&&(i+=e.chars[c&u<<e.bits-l]),s)for(;i.length*e.bits&7;)i+="=";return i}var L={chars:"0123456789ABCDEF",bits:4},I={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},$={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},P={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},N={parse:function(e,r){return p(e.toUpperCase(),L,r)},stringify:function(e,r){return h(e,L,r)}},F={parse:function(e,r){return r===void 0&&(r={}),p(r.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,I,r)},stringify:function(e,r){return h(e,I,r)}},B={parse:function(e,r){return p(e,O,r)},stringify:function(e,r){return h(e,O,r)}},G={parse:function(e,r){return p(e,$,r)},stringify:function(e,r){return h(e,$,r)}},H={parse:function(e,r){return p(e,P,r)},stringify:function(e,r){return h(e,P,r)}},R={parse:p,stringify:h};o.base16=N;o.base32=F;o.base32hex=B;o.base64=G;o.base64url=H;o.codec=R;o.base16;o.base32;o.base32hex;const q=o.base64;o.base64url;o.codec;function b(t){const e=document.querySelector(t);if(e)return e;throw new Error(`No element found with selector: "${t}"`)}const d=b("input"),w=b("header"),J=b("#msg"),m=b("form"),y=b("#load");let C,D,T,U;document.addEventListener("DOMContentLoaded",async()=>{const t=b("pre[data-i]");if(!t.innerText){d.disabled=!0,S("No encrypted payload.");return}U=Number(t.dataset.i);const e=q.parse(t.innerText);C=e.slice(0,32),D=e.slice(32,32+16),T=e.slice(32+16);const r=localStorage.getItem("pwd");if(r&&(d.value=r),location.hash){const n=new URL(window.location.href);d.value=n.hash.slice(1),n.hash="",history.replaceState(null,"",n.toString())}localStorage.getItem("k")||d.value?await M():(v(y),x(m),w.classList.replace("hidden","flex"),d.focus())});var K,A;const g=((K=window.crypto)==null?void 0:K.subtle)||((A=window.crypto)==null?void 0:A.webkitSubtle);g||(S("Please use a modern browser."),d.disabled=!0);function x(t){t.classList.remove("hidden")}function v(t){t.classList.add("hidden")}function S(t){J.innerText=t,w.classList.add("red")}m.addEventListener("submit",async t=>{t.preventDefault(),await M()});async function Q(t){return new Promise(e=>setTimeout(e,t))}async function M(){y.lastElementChild.innerText="Decrypting...",v(w),v(m),x(y),await Q(60);try{const t=await W({salt:C,iv:D,ciphertext:T,iterations:U},d.value);document.write(t),document.close()}catch(t){v(y),x(m),w.classList.replace("hidden","flex"),localStorage.getItem("pwd")&&localStorage.removeItem("pwd"),localStorage.getItem("k")?localStorage.removeItem("k"):S("Wrong password."),d.value="",d.focus()}}async function V(t,e,r){const n=new TextEncoder,a=await g.importKey("raw",n.encode(e),"PBKDF2",!1,["deriveKey"]);return await g.deriveKey({name:"PBKDF2",salt:t,iterations:r,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["decrypt"])}async function W({salt:t,iv:e,ciphertext:r,iterations:n},a){const s=new TextDecoder,c=await V(t,a,n),i=new Uint8Array(await g.decrypt({name:"AES-GCM",iv:e},c,r));if(!i)throw"Malformed data";return localStorage.setItem("pwd",a),s.decode(i)}</script>
+    <script type="module">var c={};Object.defineProperty(c,"__esModule",{value:!0});function h(t,e,r){var s;if(r===void 0&&(r={}),!e.codes){e.codes={};for(var a=0;a<e.chars.length;++a)e.codes[e.chars[a]]=a}if(!r.loose&&t.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var n=t.length;t[n-1]==="=";)if(--n,!r.loose&&!((t.length-n)*e.bits&7))throw new SyntaxError("Invalid padding");for(var l=new((s=r.out)!=null?s:Uint8Array)(n*e.bits/8|0),o=0,i=0,u=0,f=0;f<n;++f){var E=e.codes[t[f]];if(E===void 0)throw new SyntaxError("Invalid character "+t[f]);i=i<<e.bits|E,o+=e.bits,o>=8&&(o-=8,l[u++]=255&i>>o)}if(o>=e.bits||255&i<<8-o)throw new SyntaxError("Unexpected end of data");return l}function w(t,e,r){r===void 0&&(r={});for(var s=r,a=s.pad,n=a===void 0?!0:a,l=(1<<e.bits)-1,o="",i=0,u=0,f=0;f<t.length;++f)for(u=u<<8|255&t[f],i+=8;i>e.bits;)i-=e.bits,o+=e.chars[l&u>>i];if(i&&(o+=e.chars[l&u<<e.bits-i]),n)for(;o.length*e.bits&7;)o+="=";return o}var L={chars:"0123456789ABCDEF",bits:4},I={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},K={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},$={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},U={parse:function(e,r){return h(e.toUpperCase(),L,r)},stringify:function(e,r){return w(e,L,r)}},F={parse:function(e,r){return r===void 0&&(r={}),h(r.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,I,r)},stringify:function(e,r){return w(e,I,r)}},B={parse:function(e,r){return h(e,O,r)},stringify:function(e,r){return w(e,O,r)}},G={parse:function(e,r){return h(e,K,r)},stringify:function(e,r){return w(e,K,r)}},H={parse:function(e,r){return h(e,$,r)},stringify:function(e,r){return w(e,$,r)}},J={parse:h,stringify:w};c.base16=U;c.base32=F;c.base32hex=B;c.base64=G;c.base64url=H;c.codec=J;c.base16;c.base32;c.base32hex;const j=c.base64;c.base64url;c.codec;function y(t){const e=document.querySelector(t);if(e)return e;throw new Error(`No element found with selector: "${t}"`)}const d=y("input"),m=y("header"),R=y("#msg"),g=y("form"),b=y("#load");let C,N,D,M;document.addEventListener("DOMContentLoaded",async()=>{const t=y("pre[data-i]");if(!t.innerText){d.disabled=!0,x("No encrypted payload.");return}M=Number(t.dataset.i);const e=j.parse(t.innerText);C=e.slice(0,32),N=e.slice(32,32+16),D=e.slice(32+16);const r=localStorage.getItem("pwd");if(r&&(d.value=r),location.hash){const s=new URL(window.location.href);d.value=s.hash.slice(1),s.hash="",history.replaceState(null,"",s.toString())}localStorage.getItem(window.location.href)||d.value?await T():(v(b),S(g),m.classList.replace("hidden","flex"),d.focus())});var P,A;const p=((P=window.crypto)==null?void 0:P.subtle)||((A=window.crypto)==null?void 0:A.webkitSubtle);p||(x("Please use a modern browser."),d.disabled=!0);function S(t){t.classList.remove("hidden")}function v(t){t.classList.add("hidden")}function x(t){R.innerText=t,m.classList.add("red")}g.addEventListener("submit",async t=>{t.preventDefault(),await T()});async function q(t){return new Promise(e=>setTimeout(e,t))}async function T(){b.lastElementChild.innerText="Decrypting...",v(m),v(g),S(b),await q(60);try{const t=await W({salt:C,iv:N,ciphertext:D,iterations:M},d.value);document.write(t),document.close()}catch(t){v(b),S(g),m.classList.replace("hidden","flex"),localStorage.getItem("pwd")?localStorage.removeItem("pwd"):localStorage.getItem(window.location.href)?localStorage.removeItem(window.location.href):x("Wrong password."),d.value="",d.focus()}}async function Q(t,e,r){const s=new TextEncoder,a=await p.importKey("raw",s.encode(e),"PBKDF2",!1,["deriveKey"]);return await p.deriveKey({name:"PBKDF2",salt:t,iterations:r,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["decrypt"])}async function V(t){return p.importKey("jwk",t,"AES-GCM",!0,["decrypt"])}async function W({salt:t,iv:e,ciphertext:r,iterations:s},a){const n=new TextDecoder;let l=localStorage.getItem(window.location.href);const o=l?await V(JSON.parse(l)):await Q(t,a,s),i=new Uint8Array(await p.decrypt({name:"AES-GCM",iv:e},o,r));if(!i)throw"Malformed data";return localStorage.setItem(window.location.href,JSON.stringify(await p.exportKey("jwk",o))),localStorage.setItem("pwd",a),n.decode(i)}</script>
     <style>*,:before,:after{box-sizing:border-box;border:0}html{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif}body{margin:0;line-height:inherit}a{color:inherit;text-decoration:inherit}button,input{font-family:inherit;font-size:100%;line-height:inherit;color:inherit;margin:0;padding:0}button{text-transform:none}button,[type=button],[type=reset],[type=submit]{-webkit-appearance:button}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}p{margin:0}input::-moz-placeholder,input:-ms-input-placeholder,input::placeholder{opacity:1}:disabled{cursor:default}svg{display:block;vertical-align:middle}img,video{max-width:100%;height:auto}[hidden]{display:none}:root{--gray-800: #292524;--gray-700: #433f3b}html,body{color:#fff;font-weight:300}main{background:#000;height:100vh;letter-spacing:.025em;padding:4rem 1rem 1rem}.box{max-width:24rem;width:100%;background:var(--gray-800);padding:1rem;border-radius:.125rem;margin:0 auto;height:170px}header{align-items:center;margin-bottom:1rem;gap:.5rem}#pwd{font-weight:200;border-radius:.125rem;background:var(--gray-800);border:1px solid var(--gray-700);padding:.5rem 1rem;width:100%;color:#fff}#pwd:focus{outline:2px solid transparent;outline-offset:2px}.hidden{display:none!important}.flex{display:flex}#load{display:flex;align-items:center;justify-content:center;height:100%}.red{color:#dc2626}.spinner{pointer-events:none;width:1.5rem;height:1.5rem;border:3px solid transparent;border-color:#fff;border-right-width:2px;border-radius:50%;-webkit-animation:spin .5s linear infinite;animation:spin .5s linear infinite;margin-right:.5rem}#load p:last-child{font-size:1.125rem;line-height:1.75rem}[type=submit]{border-radius:.125rem;color:#000;background:#fff;width:100%;padding:.5rem 0;margin-top:1rem;cursor:pointer}@keyframes spin{to{transform:rotate(360deg)}}#locked{width:1.5rem;height:1.5rem}#msg{font-size:.875rem;line-height:1.25rem}@media (min-width: 475px){main{padding-top:10rem}#msg,a{font-size:1rem;line-height:1.5rem}}</style>
 </head>
 <body>
diff --git a/test/package.json b/test/package.json
index 5b7a3b0..36efd9e 100644
--- a/test/package.json
+++ b/test/package.json
@@ -12,6 +12,6 @@
         "test:verify": "vite"
     },
     "dependencies": {
-        "pagecrypt": "file:../dist/pagecrypt-6.1.3.tgz"
+        "pagecrypt": "file:../dist/pagecrypt-6.2.0.tgz"
     }
 }
diff --git a/web/decrypt.ts b/web/decrypt.ts
index f583ccd..f44ab66 100644
--- a/web/decrypt.ts
+++ b/web/decrypt.ts
@@ -48,7 +48,7 @@ document.addEventListener('DOMContentLoaded', async () => {
         history.replaceState(null, '', url.toString())
     }
 
-    if (localStorage.getItem("k") || pwd.value) {
+    if (localStorage.getItem(window.location.href) || pwd.value) {
         await decrypt()
     } else {
         hide(load)
@@ -114,11 +114,9 @@ async function decrypt() {
         if(localStorage.getItem('pwd')) {
             // Delete invalid password
             localStorage.removeItem('pwd')
-        }
-
-        if (localStorage.getItem('k')) {
+        } else if (localStorage.getItem(window.location.href)) {
             // Delete invalid key
-            localStorage.removeItem('k')
+            localStorage.removeItem(window.location.href)
         } else {
             // Only show when user actually entered a password themselves.
             error('Wrong password.')
@@ -171,7 +169,7 @@ async function decryptFile(
 ) {
     const decoder = new TextDecoder()
 
-    let k = null; // localStorage.getItem("k")
+    let k = localStorage.getItem(window.location.href)
 
     const key = k
         ? await importKey(JSON.parse(k))
@@ -183,7 +181,7 @@ async function decryptFile(
     if (!data) throw 'Malformed data'
 
     // If no exception were thrown, decryption succeded and we can save the key.
-    // localStorage.setItem("k", JSON.stringify(await subtle.exportKey('jwk', key)))
+    localStorage.setItem(window.location.href, JSON.stringify(await subtle.exportKey('jwk', key)))
     localStorage.setItem("pwd", password)
 
     return decoder.decode(data)

From 6a585c2cd548d56be0e3f858026e357a9dd244bf Mon Sep 17 00:00:00 2001
From: Souradip Mookerjee <sm2030@cam.ac.uk>
Date: Sun, 20 Aug 2023 00:28:32 +0100
Subject: [PATCH 5/7] add readme update

---
 README.md | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index bf16790..73411c0 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,33 @@
 # 🔐 PageCrypt - Password Protected Single Page Applications and HTML files
 
+This fork adds the ability to encrypt entire directories to password-protect an entire static site hosted on a static site host, e.g. Amazon S3 or Google Cloud Storage or Github Pages.
+
+It does so by caching the password entered the first time, to use it again for all other pages a user may visit, and caching the derived keys per file in localStorage to speed up decryption.
+
+## Installation:
+
+```sh
+npm i -D https://github.com/souramoo/pagecrypt/releases/download/6.2.0/pagecrypt-6.2.0.tgz
+```
+
+## Usage for whole directories:
+
+Assuming you have a directory `src/` to encrypt and an empty target directory `dist/`...
+
+```sh
+PASSWORD=hunter2
+dir=$(pwd)
+cd src
+find . -name "*.html" -print -exec npx pagecrypt {} ${dir}/dist/{} ${PASSWORD} \;
+cd ..
+```
+
+You should now be able to publish the contents of `dist/` :)
+
+This should also work in cloud CI workflows to automatically password protect deployments.
+
+# Original description
+
 > Easily add client-side password-protection to your Single Page Applications and HTML files.
 
 Inspired by [MaxLaumeister/PageCrypt](https://github.com/MaxLaumeister/PageCrypt), but rewritten to use native `Web Crypto API` and greatly improve UX + security. Thanks for sharing an excellent starting point to create this tool!
@@ -9,7 +37,7 @@ Inspired by [MaxLaumeister/PageCrypt](https://github.com/MaxLaumeister/PageCrypt
 **NOTE: Make sure you are using Node.js v16 or newer.**
 
 ```sh
-npm i -D pagecrypt
+npm i -D https://github.com/souramoo/pagecrypt/releases/download/6.2.0/pagecrypt-6.2.0.tgz
 ```
 
 There are 4 different ways to use `pagecrypt`:
@@ -175,7 +203,7 @@ Since this magic link feature is using the [URI Fragment](https://en.m.wikipedia
 
 -   Most importantly, think twice about what kinds of sites and apps you publish to the open internet, even if they are encrypted.
 -   If you use the magic link to login, beware that the password remains as a history entry! Feel free to submit a PR if you know a workaround for this!
--   Also keep in mind that the `sessionStorage` saves the encryption key (which is derived from the password) until the browser is restarted. This is what allows the rapid page reloads during the same session - at the cost of decreasing the security on your local device.
+-   Also keep in mind that the `localStorage` saves the encryption key (which is derived from the password). This is what allows the rapid page reloads during the same session - at the cost of decreasing the security on your local device.
 -   Only share magic links via secure channels, such as E2E-encrypted chats and emails.
 -   `pagecrypt` only encrypts the contents of a single HTML file, so try to inline as much JS, CSS and other sensitive assets into this HTML file as possible. If you're unable to inline all sensitive assets, you can hide your other assets by placing them on another server, and then only reference the external resources within the `pagecrypt` protected HTML file instead. Of course, these could in turn be protected or hidden if you need to. If executed correctly, this allows you to completely hide what your webpage or app is about by only deploying a single HTML file to the public web. Neat!
 

From dc1155c541354973f1d0f8027473787a320e0bc8 Mon Sep 17 00:00:00 2001
From: Souradip Mookerjee <sm2030@cam.ac.uk>
Date: Sun, 20 Aug 2023 16:59:30 +0100
Subject: [PATCH 6/7] self-repair if key is broken but password is correct

---
 package.json              |  2 +-
 src/decrypt-template.html |  2 +-
 test/package.json         |  2 +-
 web/decrypt.ts            | 47 ++++++++++++++++++++++++++++-----------
 4 files changed, 37 insertions(+), 16 deletions(-)

diff --git a/package.json b/package.json
index 3dd16ab..d6c512d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "pagecrypt",
-    "version": "6.2.0",
+    "version": "6.2.1",
     "description": "Easily add client-side password-protection to your Single Page Applications and HTML files.",
     "main": "src/index.ts",
     "type": "module",
diff --git a/src/decrypt-template.html b/src/decrypt-template.html
index dece625..bb66ede 100644
--- a/src/decrypt-template.html
+++ b/src/decrypt-template.html
@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="robots" content="noindex, nofollow">
     <title>Protected Page</title>
-    <script type="module">var c={};Object.defineProperty(c,"__esModule",{value:!0});function h(t,e,r){var s;if(r===void 0&&(r={}),!e.codes){e.codes={};for(var a=0;a<e.chars.length;++a)e.codes[e.chars[a]]=a}if(!r.loose&&t.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var n=t.length;t[n-1]==="=";)if(--n,!r.loose&&!((t.length-n)*e.bits&7))throw new SyntaxError("Invalid padding");for(var l=new((s=r.out)!=null?s:Uint8Array)(n*e.bits/8|0),o=0,i=0,u=0,f=0;f<n;++f){var E=e.codes[t[f]];if(E===void 0)throw new SyntaxError("Invalid character "+t[f]);i=i<<e.bits|E,o+=e.bits,o>=8&&(o-=8,l[u++]=255&i>>o)}if(o>=e.bits||255&i<<8-o)throw new SyntaxError("Unexpected end of data");return l}function w(t,e,r){r===void 0&&(r={});for(var s=r,a=s.pad,n=a===void 0?!0:a,l=(1<<e.bits)-1,o="",i=0,u=0,f=0;f<t.length;++f)for(u=u<<8|255&t[f],i+=8;i>e.bits;)i-=e.bits,o+=e.chars[l&u>>i];if(i&&(o+=e.chars[l&u<<e.bits-i]),n)for(;o.length*e.bits&7;)o+="=";return o}var L={chars:"0123456789ABCDEF",bits:4},I={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},K={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},$={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},U={parse:function(e,r){return h(e.toUpperCase(),L,r)},stringify:function(e,r){return w(e,L,r)}},F={parse:function(e,r){return r===void 0&&(r={}),h(r.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,I,r)},stringify:function(e,r){return w(e,I,r)}},B={parse:function(e,r){return h(e,O,r)},stringify:function(e,r){return w(e,O,r)}},G={parse:function(e,r){return h(e,K,r)},stringify:function(e,r){return w(e,K,r)}},H={parse:function(e,r){return h(e,$,r)},stringify:function(e,r){return w(e,$,r)}},J={parse:h,stringify:w};c.base16=U;c.base32=F;c.base32hex=B;c.base64=G;c.base64url=H;c.codec=J;c.base16;c.base32;c.base32hex;const j=c.base64;c.base64url;c.codec;function y(t){const e=document.querySelector(t);if(e)return e;throw new Error(`No element found with selector: "${t}"`)}const d=y("input"),m=y("header"),R=y("#msg"),g=y("form"),b=y("#load");let C,N,D,M;document.addEventListener("DOMContentLoaded",async()=>{const t=y("pre[data-i]");if(!t.innerText){d.disabled=!0,x("No encrypted payload.");return}M=Number(t.dataset.i);const e=j.parse(t.innerText);C=e.slice(0,32),N=e.slice(32,32+16),D=e.slice(32+16);const r=localStorage.getItem("pwd");if(r&&(d.value=r),location.hash){const s=new URL(window.location.href);d.value=s.hash.slice(1),s.hash="",history.replaceState(null,"",s.toString())}localStorage.getItem(window.location.href)||d.value?await T():(v(b),S(g),m.classList.replace("hidden","flex"),d.focus())});var P,A;const p=((P=window.crypto)==null?void 0:P.subtle)||((A=window.crypto)==null?void 0:A.webkitSubtle);p||(x("Please use a modern browser."),d.disabled=!0);function S(t){t.classList.remove("hidden")}function v(t){t.classList.add("hidden")}function x(t){R.innerText=t,m.classList.add("red")}g.addEventListener("submit",async t=>{t.preventDefault(),await T()});async function q(t){return new Promise(e=>setTimeout(e,t))}async function T(){b.lastElementChild.innerText="Decrypting...",v(m),v(g),S(b),await q(60);try{const t=await W({salt:C,iv:N,ciphertext:D,iterations:M},d.value);document.write(t),document.close()}catch(t){v(b),S(g),m.classList.replace("hidden","flex"),localStorage.getItem("pwd")?localStorage.removeItem("pwd"):localStorage.getItem(window.location.href)?localStorage.removeItem(window.location.href):x("Wrong password."),d.value="",d.focus()}}async function Q(t,e,r){const s=new TextEncoder,a=await p.importKey("raw",s.encode(e),"PBKDF2",!1,["deriveKey"]);return await p.deriveKey({name:"PBKDF2",salt:t,iterations:r,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["decrypt"])}async function V(t){return p.importKey("jwk",t,"AES-GCM",!0,["decrypt"])}async function W({salt:t,iv:e,ciphertext:r,iterations:s},a){const n=new TextDecoder;let l=localStorage.getItem(window.location.href);const o=l?await V(JSON.parse(l)):await Q(t,a,s),i=new Uint8Array(await p.decrypt({name:"AES-GCM",iv:e},o,r));if(!i)throw"Malformed data";return localStorage.setItem(window.location.href,JSON.stringify(await p.exportKey("jwk",o))),localStorage.setItem("pwd",a),n.decode(i)}</script>
+    <script type="module">var c={};Object.defineProperty(c,"__esModule",{value:!0});function w(t,e,r){var o;if(r===void 0&&(r={}),!e.codes){e.codes={};for(var a=0;a<e.chars.length;++a)e.codes[e.chars[a]]=a}if(!r.loose&&t.length*e.bits&7)throw new SyntaxError("Invalid padding");for(var n=t.length;t[n-1]==="=";)if(--n,!r.loose&&!((t.length-n)*e.bits&7))throw new SyntaxError("Invalid padding");for(var l=new((o=r.out)!=null?o:Uint8Array)(n*e.bits/8|0),i=0,s=0,u=0,f=0;f<n;++f){var E=e.codes[t[f]];if(E===void 0)throw new SyntaxError("Invalid character "+t[f]);s=s<<e.bits|E,i+=e.bits,i>=8&&(i-=8,l[u++]=255&s>>i)}if(i>=e.bits||255&s<<8-i)throw new SyntaxError("Unexpected end of data");return l}function y(t,e,r){r===void 0&&(r={});for(var o=r,a=o.pad,n=a===void 0?!0:a,l=(1<<e.bits)-1,i="",s=0,u=0,f=0;f<t.length;++f)for(u=u<<8|255&t[f],s+=8;s>e.bits;)s-=e.bits,i+=e.chars[l&u>>s];if(s&&(i+=e.chars[l&u<<e.bits-s]),n)for(;i.length*e.bits&7;)i+="=";return i}var L={chars:"0123456789ABCDEF",bits:4},I={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",bits:5},O={chars:"0123456789ABCDEFGHIJKLMNOPQRSTUV",bits:5},A={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",bits:6},K={chars:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",bits:6},F={parse:function(e,r){return w(e.toUpperCase(),L,r)},stringify:function(e,r){return y(e,L,r)}},B={parse:function(e,r){return r===void 0&&(r={}),w(r.loose?e.toUpperCase().replace(/0/g,"O").replace(/1/g,"L").replace(/8/g,"B"):e,I,r)},stringify:function(e,r){return y(e,I,r)}},G={parse:function(e,r){return w(e,O,r)},stringify:function(e,r){return y(e,O,r)}},H={parse:function(e,r){return w(e,A,r)},stringify:function(e,r){return y(e,A,r)}},J={parse:function(e,r){return w(e,K,r)},stringify:function(e,r){return y(e,K,r)}},j={parse:w,stringify:y};c.base16=F;c.base32=B;c.base32hex=G;c.base64=H;c.base64url=J;c.codec=j;c.base16;c.base32;c.base32hex;const R=c.base64;c.base64url;c.codec;function h(t){const e=document.querySelector(t);if(e)return e;throw new Error(`No element found with selector: "${t}"`)}const d=h("input"),m=h("header"),q=h("#msg"),g=h("form"),b=h("#load");let U,M,N,D;document.addEventListener("DOMContentLoaded",async()=>{const t=h("pre[data-i]");if(!t.innerText){d.disabled=!0,x("No encrypted payload.");return}D=Number(t.dataset.i);const e=R.parse(t.innerText);U=e.slice(0,32),M=e.slice(32,32+16),N=e.slice(32+16);const r=localStorage.getItem("pwd");if(r&&(d.value=r),location.hash){const o=new URL(window.location.href);d.value=o.hash.slice(1),o.hash="",history.replaceState(null,"",o.toString())}localStorage.getItem(window.location.href)||d.value?await T():(v(b),S(g),m.classList.replace("hidden","flex"),d.focus())});var C,P;const p=((C=window.crypto)==null?void 0:C.subtle)||((P=window.crypto)==null?void 0:P.webkitSubtle);p||(x("Please use a modern browser."),d.disabled=!0);function S(t){t.classList.remove("hidden")}function v(t){t.classList.add("hidden")}function x(t){q.innerText=t,m.classList.add("red")}g.addEventListener("submit",async t=>{t.preventDefault(),await T()});async function Q(t){return new Promise(e=>setTimeout(e,t))}async function T(){b.lastElementChild.innerText="Decrypting...",v(m),v(g),S(b),await Q(60);try{const t=await W({salt:U,iv:M,ciphertext:N,iterations:D},d.value);document.write(t),document.close()}catch(t){v(b),S(g),m.classList.replace("hidden","flex");let e=!1;localStorage.getItem("pwd")&&(localStorage.removeItem("pwd"),e=!0),localStorage.getItem(window.location.href)&&(localStorage.removeItem(window.location.href),e=!0),e||x("Wrong password."),d.value="",d.focus()}}async function $(t,e,r){const o=new TextEncoder,a=await p.importKey("raw",o.encode(e),"PBKDF2",!1,["deriveKey"]);return await p.deriveKey({name:"PBKDF2",salt:t,iterations:r,hash:"SHA-256"},a,{name:"AES-GCM",length:256},!0,["decrypt"])}async function V(t){return p.importKey("jwk",t,"AES-GCM",!0,["decrypt"])}async function W({salt:t,iv:e,ciphertext:r,iterations:o},a){const n=new TextDecoder;let l=localStorage.getItem(window.location.href),i=null,s=new Uint8Array;try{if(i=l?await V(JSON.parse(l)):await $(t,a,o),s=new Uint8Array(await p.decrypt({name:"AES-GCM",iv:e},i,r)),!s)throw"Malformed data"}catch(u){localStorage.removeItem(window.location.href),i=await $(t,a,o),s=new Uint8Array(await p.decrypt({name:"AES-GCM",iv:e},i,r))}return localStorage.setItem(window.location.href,JSON.stringify(await p.exportKey("jwk",i))),localStorage.setItem("pwd",a),n.decode(s)}</script>
     <style>*,:before,:after{box-sizing:border-box;border:0}html{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif}body{margin:0;line-height:inherit}a{color:inherit;text-decoration:inherit}button,input{font-family:inherit;font-size:100%;line-height:inherit;color:inherit;margin:0;padding:0}button{text-transform:none}button,[type=button],[type=reset],[type=submit]{-webkit-appearance:button}:-moz-focusring{outline:auto}:-moz-ui-invalid{box-shadow:none}p{margin:0}input::-moz-placeholder,input:-ms-input-placeholder,input::placeholder{opacity:1}:disabled{cursor:default}svg{display:block;vertical-align:middle}img,video{max-width:100%;height:auto}[hidden]{display:none}:root{--gray-800: #292524;--gray-700: #433f3b}html,body{color:#fff;font-weight:300}main{background:#000;height:100vh;letter-spacing:.025em;padding:4rem 1rem 1rem}.box{max-width:24rem;width:100%;background:var(--gray-800);padding:1rem;border-radius:.125rem;margin:0 auto;height:170px}header{align-items:center;margin-bottom:1rem;gap:.5rem}#pwd{font-weight:200;border-radius:.125rem;background:var(--gray-800);border:1px solid var(--gray-700);padding:.5rem 1rem;width:100%;color:#fff}#pwd:focus{outline:2px solid transparent;outline-offset:2px}.hidden{display:none!important}.flex{display:flex}#load{display:flex;align-items:center;justify-content:center;height:100%}.red{color:#dc2626}.spinner{pointer-events:none;width:1.5rem;height:1.5rem;border:3px solid transparent;border-color:#fff;border-right-width:2px;border-radius:50%;-webkit-animation:spin .5s linear infinite;animation:spin .5s linear infinite;margin-right:.5rem}#load p:last-child{font-size:1.125rem;line-height:1.75rem}[type=submit]{border-radius:.125rem;color:#000;background:#fff;width:100%;padding:.5rem 0;margin-top:1rem;cursor:pointer}@keyframes spin{to{transform:rotate(360deg)}}#locked{width:1.5rem;height:1.5rem}#msg{font-size:.875rem;line-height:1.25rem}@media (min-width: 475px){main{padding-top:10rem}#msg,a{font-size:1rem;line-height:1.5rem}}</style>
 </head>
 <body>
diff --git a/test/package.json b/test/package.json
index 36efd9e..a6d84aa 100644
--- a/test/package.json
+++ b/test/package.json
@@ -12,6 +12,6 @@
         "test:verify": "vite"
     },
     "dependencies": {
-        "pagecrypt": "file:../dist/pagecrypt-6.2.0.tgz"
+        "pagecrypt": "file:../dist/pagecrypt-6.2.1.tgz"
     }
 }
diff --git a/web/decrypt.ts b/web/decrypt.ts
index f44ab66..785c6f2 100644
--- a/web/decrypt.ts
+++ b/web/decrypt.ts
@@ -28,7 +28,7 @@ document.addEventListener('DOMContentLoaded', async () => {
     iv = bytes.slice(32, 32 + 16)
     ciphertext = bytes.slice(32 + 16)
 
-    const pwdOld = localStorage.getItem("pwd")
+    const pwdOld = localStorage.getItem('pwd')
     if (pwdOld) {
         pwd.value = pwdOld
     }
@@ -111,13 +111,20 @@ async function decrypt() {
         show(form)
         header.classList.replace('hidden', 'flex')
 
-        if(localStorage.getItem('pwd')) {
+        let automatic = false
+
+        if (localStorage.getItem('pwd')) {
             // Delete invalid password
             localStorage.removeItem('pwd')
-        } else if (localStorage.getItem(window.location.href)) {
+            automatic = true
+        }
+        if (localStorage.getItem(window.location.href)) {
             // Delete invalid key
             localStorage.removeItem(window.location.href)
-        } else {
+            automatic = true
+        }
+
+        if (!automatic) {
             // Only show when user actually entered a password themselves.
             error('Wrong password.')
         }
@@ -170,19 +177,33 @@ async function decryptFile(
     const decoder = new TextDecoder()
 
     let k = localStorage.getItem(window.location.href)
+    let key: CryptoKey | null
+    let data = new Uint8Array()
 
-    const key = k
-        ? await importKey(JSON.parse(k))
-        : await deriveKey(salt, password, iterations)
+    try {
+        key = k
+            ? await importKey(JSON.parse(k))
+            : await deriveKey(salt, password, iterations)
+        data = new Uint8Array(
+            await subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext),
+        )
+        if (!data) throw 'Malformed data'
+    } catch (e) {
+        // Delete invalid key and try a saved password
+        localStorage.removeItem(window.location.href)
+        key = await deriveKey(salt, password, iterations)
 
-    const data = new Uint8Array(
-        await subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext),
-    )
-    if (!data) throw 'Malformed data'
+        data = new Uint8Array(
+            await subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext),
+        )
+    }
 
     // If no exception were thrown, decryption succeded and we can save the key.
-    localStorage.setItem(window.location.href, JSON.stringify(await subtle.exportKey('jwk', key)))
-    localStorage.setItem("pwd", password)
+    localStorage.setItem(
+        window.location.href,
+        JSON.stringify(await subtle.exportKey('jwk', key)),
+    )
+    localStorage.setItem('pwd', password)
 
     return decoder.decode(data)
 }

From 9d698178145fb5ba4a662d6554e6a823cd5835d6 Mon Sep 17 00:00:00 2001
From: Souradip Mookerjee <souramoo@gmx.com>
Date: Sun, 20 Aug 2023 17:00:31 +0100
Subject: [PATCH 7/7] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 73411c0..07667a9 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ It does so by caching the password entered the first time, to use it again for a
 ## Installation:
 
 ```sh
-npm i -D https://github.com/souramoo/pagecrypt/releases/download/6.2.0/pagecrypt-6.2.0.tgz
+npm i -D https://github.com/souramoo/pagecrypt/releases/download/6.2.1/pagecrypt-6.2.1.tgz
 ```
 
 ## Usage for whole directories: