desktop: disable os encryption of keystore in portable app

apps/desktop/src/api/safe-storage.ts

@@ -23,16 +23,22 @@ import { z } from "zod";
 const t = initTRPC.create();
 
 export const safeStorageRouter = t.router({
+  isEncryptionAvailable: t.procedure.query(() => {
+    return (
+      !process.env.PORTABLE_EXECUTABLE_DIR &&
+      safeStorage.isEncryptionAvailable()
+    );
+  }),
   /**
    * Takes a string and returns an encrypted base64 string
    */
-  encryptString: t.procedure.input(z.string()).query(async ({ input }) => {
+  encryptString: t.procedure.input(z.string()).query(({ input }) => {
     return safeStorage.encryptString(input).toString("base64");
   }),
   /**
    * Takes an encrypted base64 string and returns a string
    */
-  decryptString: t.procedure.input(z.string()).query(async ({ input }) => {
+  decryptString: t.procedure.input(z.string()).query(({ input }) => {
     return safeStorage.decryptString(Buffer.from(input, "base64"));
   })
 });

apps/web/src/interfaces/key-store.ts

@@ -392,7 +392,11 @@ class KeyStore extends BaseStore<KeyStore> {
       this.#wrappingKeyId
     );
 
-    if (desktop && !wrappingKey) {
+    if (
+      desktop &&
+      !wrappingKey &&
+      (await desktop.safeStorage.isEncryptionAvailable.query())
+    ) {
       const decrypted = Buffer.from(
         await desktop.safeStorage.decryptString.query(
           Buffer.from(wrappedKey).toString("base64")
@@ -424,7 +428,11 @@ class KeyStore extends BaseStore<KeyStore> {
         ["encrypt", "decrypt"]
       ));
 
-    if (IS_DESKTOP_APP && desktop) {
+    if (
+      IS_DESKTOP_APP &&
+      desktop &&
+      (await desktop.safeStorage.isEncryptionAvailable.query())
+    ) {
       const encrypted = Buffer.from(
         await desktop.safeStorage.encryptString.query(
           Buffer.from(