mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-09 19:57:57 +01:00

Extract secret key checksum algorithm into constant

Paul Schaub 2020-10-30 12:28:11 +01:00
parent 2c2acb996a
commit 04420f8dac
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311


@ -51,6 +51,11 @@ import org.pgpainless.util.Passphrase;
public class KeyRingEditor implements KeyRingEditorInterface { public class KeyRingEditor implements KeyRingEditorInterface {
// Default algorithm for calculating private key checksums
// While I'd like to use something else, eg. SHA256, BC seems to lack support for
// calculating secret key checksums with algorithms other than SHA1.
private final HashAlgorithm defaultDigestHashAlgorithm = HashAlgorithm.SHA1;
private PGPSecretKeyRing secretKeyRing; private PGPSecretKeyRing secretKeyRing;
public KeyRingEditor(PGPSecretKeyRing secretKeyRing) { public KeyRingEditor(PGPSecretKeyRing secretKeyRing) {
@ -64,10 +69,8 @@ public class KeyRingEditor implements KeyRingEditorInterface {
public KeyRingEditorInterface addUserId(String userId, SecretKeyRingProtector secretKeyRingProtector) throws PGPException { public KeyRingEditorInterface addUserId(String userId, SecretKeyRingProtector secretKeyRingProtector) throws PGPException {
userId = sanitizeUserId(userId); userId = sanitizeUserId(userId);
PGPDigestCalculator digestCalculator = new BcPGPDigestCalculatorProvider().get( PGPDigestCalculator digestCalculator = new BcPGPDigestCalculatorProvider()
// TODO: Is SHA1 still a good choice? .get(defaultDigestHashAlgorithm.getAlgorithmId());
// If not, what to use/how to make a proper choice?
HashAlgorithm.SHA1.getAlgorithmId());
// Unlock primary secret key // Unlock primary secret key
Iterator<PGPSecretKey> secretKeys = secretKeyRing.getSecretKeys(); Iterator<PGPSecretKey> secretKeys = secretKeyRing.getSecretKeys();
@ -282,8 +285,7 @@ public class KeyRingEditor implements KeyRingEditorInterface {
// TODO: Move to utility class // TODO: Move to utility class
private PGPSecretKey lockPrivateKey(PGPPrivateKey privateKey, PGPPublicKey publicKey, SecretKeyRingProtector protector) throws PGPException { private PGPSecretKey lockPrivateKey(PGPPrivateKey privateKey, PGPPublicKey publicKey, SecretKeyRingProtector protector) throws PGPException {
PGPDigestCalculator checksumCalculator = new BcPGPDigestCalculatorProvider() PGPDigestCalculator checksumCalculator = new BcPGPDigestCalculatorProvider()
// TODO: Again, SHA1? .get(defaultDigestHashAlgorithm.getAlgorithmId());
.get(HashAlgorithm.SHA1.getAlgorithmId());
PBESecretKeyEncryptor encryptor = protector.getEncryptor(publicKey.getKeyID()); PBESecretKeyEncryptor encryptor = protector.getEncryptor(publicKey.getKeyID());
PGPSecretKey secretKey = new PGPSecretKey(privateKey, publicKey, checksumCalculator, publicKey.isMasterKey(), encryptor); PGPSecretKey secretKey = new PGPSecretKey(privateKey, publicKey, checksumCalculator, publicKey.isMasterKey(), encryptor);
return secretKey; return secretKey;
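Review bot: The new `defaultDigestHashAlgorithm` field in the first hunk is a per-instance `private final` field, although the commit title calls it a constant and both call sites (`addUserId` and `lockPrivateKey`, whose bodies continue outside the hunks) read it as one; `private static final HashAlgorithm DEFAULT_DIGEST_HASH_ALGORITHM = HashAlgorithm.SHA1;` would match that intent. The comment above it attributes the SHA-1 choice to Bouncy Castle only, but as far as I know the OpenPGP secret-key format itself (RFC 4880, S2K usage octet 254) defines this checksum as a 20-octet SHA-1 over the secret key material. I would say so in the comment, for example `// Fixed by the OpenPGP secret key packet format (S2K usage 254); not the hash used for signatures.`, so that a later reader does not swap the value and produce secret keys other implementations reject. The two removed TODOs asked whether SHA-1 is still acceptable here, and the comment is now the only place that question gets answered, so it should name the format constraint rather than a library limitation.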