fix(client/sync): Pass through precise error on `SyncError::WrongKey`HEADmain

2 files changed, 6 insertions, 5 deletions

diff --git a/crates/turtle/src/atuin_client/record/encryption.rs b/crates/turtle/src/atuin_client/record/encryption.rs
index 96ab463e..d8587cf6 100644
--- a/crates/turtle/src/atuin_client/record/encryption.rs
+++ b/crates/turtle/src/atuin_client/record/encryption.rs
@@ -68,7 +68,6 @@ impl Encryption for PASETO_V4 {
         // aka content-encryption-key (CEK)
         let random_key = Key::<V4, Local>::new_os_random();
 
-        // encode the implicit assertions
         let assertions = Assertions::from(ad).encode();
 
         // build the payload and encrypt the token
@@ -145,11 +144,12 @@ impl PASETO_V4 {
     fn encrypt_cek(cek: Key<V4, Local>, key: &[u8; 32]) -> String {
         // aka key-encryption-key (KEK)
         let wrapping_key = Key::<V4, Local>::from_bytes(*key);
+        let kid = wrapping_key.to_id();
 
         // wrap the random key so we can decrypt it later
         let wrapped_cek = AtuinFooter {
             wpk: cek.wrap_pie(&wrapping_key),
-            kid: wrapping_key.to_id(),
+            kid,
         };
         serde_json::to_string(&wrapped_cek).expect("could not serialize wrapped cek")
     }
diff --git a/crates/turtle/src/atuin_client/record/sync.rs b/crates/turtle/src/atuin_client/record/sync.rs
index b12d96c1..da05533c 100644
--- a/crates/turtle/src/atuin_client/record/sync.rs
+++ b/crates/turtle/src/atuin_client/record/sync.rs
@@ -347,9 +347,10 @@ pub(crate) async fn check_encryption_key(
         return Ok(());
     };
 
-    record
-        .decrypt::<PASETO_V4>(encryption_key)
-        .map_err(|_| SyncError::WrongKey)?;
+    record.decrypt::<PASETO_V4>(encryption_key).map_err(|err| {
+        error!("Wrong key error: {err}");
+        SyncError::WrongKey
+    })?;
 
     Ok(())
 }