From 0196e3ce65f76b5be8bd58b2730bd715614dc4d2 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Sun, 11 Aug 2024 13:40:05 +0200
Subject: [PATCH] Identify key by fingerprint for v6

---
 .../extensions/PGPSecretKeyRingExtensions.kt             | 9 +++++++--
 .../decryption_verification/OpenPgpMessageInputStream.kt | 6 ++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSecretKeyRingExtensions.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSecretKeyRingExtensions.kt
index 99c562e6..708d6931 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSecretKeyRingExtensions.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSecretKeyRingExtensions.kt
@@ -70,10 +70,15 @@ fun PGPSecretKeyRing.getSecretKeyFor(signature: PGPSignature): PGPSecretKey? =
 
 /** Return the [PGPSecretKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */
 fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGPSecretKey? =
-    this.getSecretKey(onePassSignature.keyID)
+    when (onePassSignature.version) {
+        3 -> this.getSecretKey(onePassSignature.keyID)
+        6 -> this.getSecretKey(onePassSignature.fingerprint)
+        else -> throw NotImplementedError("Version ${onePassSignature.version} OPSs are not yet supported.")
+    }
 
 fun PGPSecretKeyRing.getSecretKeyFor(pkesk: PGPPublicKeyEncryptedData): PGPSecretKey? =
     when (pkesk.version) {
         3 -> this.getSecretKey(pkesk.keyID)
-        else -> throw NotImplementedError("Version 6 PKESKs are not yet supported.")
+        6 -> this.getSecretKey(pkesk.fingerprint)
+        else -> throw NotImplementedError("Version ${pkesk.version} PKESKs are not yet supported.")
     }
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
index bd24b245..2b363a30 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
@@ -684,7 +684,8 @@ class OpenPgpMessageInputStream(
                 PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
                     when (pkesk.version) {
                         3 -> pkesk.keyID == subkey.keyID
-                        else -> throw NotImplementedError("Version 6 PKESK not yet supported.")
+                        6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint)
+                        else -> false
                     }
                 }
         }
@@ -695,7 +696,8 @@ class OpenPgpMessageInputStream(
                 PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
                     when (pkesk.version) {
                         3 -> pkesk.keyID == subkey.keyID
-                        else -> throw NotImplementedError("Version 6 PKESK not yet supported.")
+                        6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint)
+                        else -> false
                     }
                 }
         }