From 03fb81a77efb00b65e05ea44ab2cd76280b6ab3e Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sat, 15 May 2021 20:43:56 +0200 Subject: [PATCH] Create separate symmetric key algorithm policies for encryption/decryption --- .../key/generation/KeyRingBuilder.java | 2 +- .../java/org/pgpainless/policy/Policy.java | 59 +++++++++++++++---- 2 files changed, 49 insertions(+), 12 deletions(-) diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java index 135103e7..8f70b51d 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/generation/KeyRingBuilder.java @@ -450,7 +450,7 @@ public class KeyRingBuilder implements KeyRingBuilderInterface { } private PBESecretKeyEncryptor buildSecretKeyEncryptor() { - SymmetricKeyAlgorithm keyEncryptionAlgorithm = PGPainless.getPolicy().getSymmetricKeyAlgorithmPolicy() + SymmetricKeyAlgorithm keyEncryptionAlgorithm = PGPainless.getPolicy().getSymmetricKeyEncryptionAlgorithmPolicy() .getDefaultSymmetricKeyAlgorithm(); PBESecretKeyEncryptor encryptor = passphrase == null || passphrase.isEmpty() ? null : // unencrypted key pair, otherwise AES-256 encrypted diff --git a/pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java b/pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java index b2f63e21..f7a038ec 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java +++ b/pgpainless-core/src/main/java/org/pgpainless/policy/Policy.java @@ -34,8 +34,10 @@ public final class Policy { HashAlgorithmPolicy.defaultSignatureAlgorithmPolicy(); private HashAlgorithmPolicy revocationSignatureHashAlgorithmPolicy = HashAlgorithmPolicy.defaultRevocationSignatureHashAlgorithmPolicy(); - private SymmetricKeyAlgorithmPolicy symmetricKeyAlgorithmPolicy = - SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyAlgorithmPolicy(); + private SymmetricKeyAlgorithmPolicy symmetricKeyEncryptionAlgorithmPolicy = + SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyEncryptionAlgorithmPolicy(); + private SymmetricKeyAlgorithmPolicy symmetricKeyDecryptionAlgorithmPolicy = + SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyEncryptionAlgorithmPolicy(); private final NotationRegistry notationRegistry = new NotationRegistry(); private Policy() { @@ -97,25 +99,47 @@ public final class Policy { } /** - * Return the symmetric encryption algorithm policy. - * This policy defines which symmetric algorithms are acceptable. + * Return the symmetric encryption algorithm policy for encryption. + * This policy defines which symmetric algorithms are acceptable when producing encrypted messages. * - * @return symmetric algorithm policy + * @return symmetric algorithm policy for encryption */ - public SymmetricKeyAlgorithmPolicy getSymmetricKeyAlgorithmPolicy() { - return symmetricKeyAlgorithmPolicy; + public SymmetricKeyAlgorithmPolicy getSymmetricKeyEncryptionAlgorithmPolicy() { + return symmetricKeyEncryptionAlgorithmPolicy; } /** - * Set a custom symmetric encryption algorithm policy. + * Return the symmetric encryption algorithm policy for decryption. + * This policy defines which symmetric algorithms are acceptable when decrypting encrypted messages. + * + * @return symmetric algorithm policy for decryption + */ + public SymmetricKeyAlgorithmPolicy getSymmetricKeyDecryptionAlgoritmPolicy() { + return symmetricKeyDecryptionAlgorithmPolicy; + } + + /** + * Set a custom symmetric encryption algorithm policy for encrypting messages. * * @param policy custom policy */ - public void setSymmetricKeyAlgorithmPolicy(SymmetricKeyAlgorithmPolicy policy) { + public void setSymmetricKeyEncryptionAlgorithmPolicy(SymmetricKeyAlgorithmPolicy policy) { if (policy == null) { throw new NullPointerException("Policy cannot be null."); } - this.symmetricKeyAlgorithmPolicy = policy; + this.symmetricKeyEncryptionAlgorithmPolicy = policy; + } + + /** + * Set a custom symmetric encryption algorithm policy for decrypting messages. + * + * @param policy custom policy + */ + public void setSymmetricKeyDecryptionAlgorithmPolicy(SymmetricKeyAlgorithmPolicy policy) { + if (policy == null) { + throw new NullPointerException("Policy cannot be null."); + } + this.symmetricKeyDecryptionAlgorithmPolicy = policy; } public static final class SymmetricKeyAlgorithmPolicy { @@ -164,7 +188,20 @@ public final class Policy { * * @return default symmetric encryption algorithm policy */ - public static SymmetricKeyAlgorithmPolicy defaultSymmetricKeyAlgorithmPolicy() { + public static SymmetricKeyAlgorithmPolicy defaultSymmetricKeyEncryptionAlgorithmPolicy() { + return new SymmetricKeyAlgorithmPolicy(SymmetricKeyAlgorithm.AES_256, Arrays.asList( + SymmetricKeyAlgorithm.BLOWFISH, + SymmetricKeyAlgorithm.AES_128, + SymmetricKeyAlgorithm.AES_192, + SymmetricKeyAlgorithm.AES_256, + SymmetricKeyAlgorithm.TWOFISH, + SymmetricKeyAlgorithm.CAMELLIA_128, + SymmetricKeyAlgorithm.CAMELLIA_192, + SymmetricKeyAlgorithm.CAMELLIA_256 + )); + } + + public static SymmetricKeyAlgorithmPolicy defaultSymmetricKeyDecryptionAlgorithmPolicy() { return new SymmetricKeyAlgorithmPolicy(SymmetricKeyAlgorithm.AES_256, Arrays.asList( SymmetricKeyAlgorithm.IDEA, SymmetricKeyAlgorithm.CAST5,