Storing the SHA-256 hash of the encryption key and its encrypted form
Scenario is here:
Random AES-GCM encryption key is generated using the web crypto module on the client-side.
The next encryption key is derived using the user’s password with PBKDF2-SHA-512.
The key from step 1 is exported to raw format, …