From 5280e6c0ee5c3ba6ddf65dcc097e309b32173e15 Mon Sep 17 00:00:00 2001
From: Bryan Gerlach
Date: Sun, 11 Jan 2026 11:04:44 -0600
Subject: [PATCH] encryption stuff testing
---
 .github/workflows/generator-windows.yml | 73 +++++++++++++------------
 1 file changed, 37 insertions(+), 36 deletions(-)
diff --git a/.github/workflows/generator-windows.yml b/.github/workflows/generator-windows.yml
index c167c8d..1b0234d 100644
--- a/.github/workflows/generator-windows.yml
+++ b/.github/workflows/generator-windows.yml
@@ -100,47 +100,48 @@ jobs: from cryptography.hazmat.primitives.asymmetric import padding try: - # 1. Load Private Key - private_key_raw = os.environ.get('PRIVATE_KEY', '') - private_key = serialization.load_pem_private_key( - private_key_raw.encode(), - password=None + # 1. Load Private Key + private_key_raw = os.environ.get('PRIVATE_KEY', '') + private_key = serialization.load_pem_private_key( + private_key_raw.encode(), + password=None + ) + + # 2. Decrypt the Session Key + # Ensure we strip any accidental whitespace + encrypted_key_b64 = os.environ.get('ENCRYPTED_KEY', '').strip() + encrypted_key_bytes = base64.b64decode(encrypted_key_b64) + print(f"Key B64 Length: {len(encrypted_key_b64)}") + + session_key = private_key.decrypt( + encrypted_key_bytes, + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), + label=None ) + ) - # 2. Decrypt the Session Key - # Ensure we strip any accidental whitespace - encrypted_key_b64 = os.environ.get('ENCRYPTED_KEY', '').strip() - encrypted_key_bytes = base64.b64decode(encrypted_key_b64) - - session_key = private_key.decrypt( - encrypted_key_bytes, - padding.OAEP( - mgf=padding.MGF1(algorithm=hashes.SHA256()), - algorithm=hashes.SHA256(), - label=None - ) - ) + # 3. Decrypt the Data Bundle + # Fernet keys must be the exact bytes we decrypted + fernet = Fernet(session_key) + + encrypted_data_str = os.environ.get('ENCRYPTED_DATA', '').strip() + # Convert string back to bytes for Fernet + decrypted_json = fernet.decrypt(encrypted_data_str.encode()).decode('utf-8') + + data = json.loads(decrypted_json) - # 3. 
Decrypt the Data Bundle - # Fernet keys must be the exact bytes we decrypted - fernet = Fernet(session_key) - - encrypted_data_str = os.environ.get('ENCRYPTED_DATA', '').strip() - # Convert string back to bytes for Fernet - decrypted_json = fernet.decrypt(encrypted_data_str.encode()).decode('utf-8') - - data = json.loads(decrypted_json) - - with open(os.environ['GITHUB_ENV'], 'a') as f: - for key, value in data.items(): - print(f"::add-mask::{value}") - f.write(f"VAR_{key.upper()}={value}\n") + with open(os.environ['GITHUB_ENV'], 'a') as f: + for key, value in data.items(): + print(f"::add-mask::{value}") + f.write(f"VAR_{key.upper()}={value}\n") except Exception as e: - print(f"Decryption failed! Error: {str(e)}") - # Print the first 10 chars of data to see if it's empty/malformed (safe) - print(f"Data snippet: {os.environ.get('ENCRYPTED_DATA', '')[:10]}...") - exit(1) + print(f"Decryption failed! Error: {str(e)}") + # Print the first 10 chars of data to see if it's empty/malformed (safe) + print(f"Data snippet: {os.environ.get('ENCRYPTED_DATA', '')[:10]}...") + exit(1) - name: Export GitHub Actions cache environment variables uses: actions/github-script@v6
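Review bot: The loop that writes `VAR_{key.upper()}={value}` to `GITHUB_ENV` takes keys and values straight from the decrypted JSON, so a value containing a line break adds extra `NAME=value` lines to the environment of every later step. Fernet authenticates the bundle only against the session key, and that key is accepted from anyone able to encrypt to the public key, so if `ENCRYPTED_KEY` and `ENCRYPTED_DATA` come from workflow inputs (not visible in this hunk) the bundle should be treated as untrusted. Before the `f.write`, reject malformed entries, e.g. `if not key.isidentifier() or '\n' in str(value) or '\r' in str(value): raise ValueError('invalid bundle entry')`. The added `print(f"Key B64 Length: {len(encrypted_key_b64)}")` reads as debug output and could be dropped before merge. The script begins above the hunk, so its imports were not checked.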