diff --git a/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java b/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java index efed9472..7d8481e3 100644 --- a/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java +++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/DecryptImpl.java @@ -149,6 +149,10 @@ public class DecryptImpl implements Decrypt { decryptionStream.close(); OpenPgpMetadata metadata = decryptionStream.getResult(); + if (!metadata.isEncrypted()) { + throw new SOPGPException.BadData("Data is not encrypted."); + } + List verificationList = new ArrayList<>(); for (SignatureVerification signatureVerification : metadata.getVerifiedInbandSignatures()) { verificationList.add(map(signatureVerification)); diff --git a/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java b/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java index 6f7e3d47..515cf71d 100644 --- a/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java +++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java @@ -515,4 +515,22 @@ public class EncryptDecryptRoundTripTest { assertThrows(SOPGPException.BadData.class, () -> sop.decrypt().withSessionKey(wrongSessionKey).ciphertext(ciphertext)); } + + @Test + public void decryptNonEncryptedDataFailsBadData() throws IOException { + byte[] signed = sop.inlineSign() + .key(aliceKey) + .withKeyPassword(alicePassword) + .data(message) + .getBytes(); + + assertThrows(SOPGPException.BadData.class, () -> + sop.decrypt() + .verifyWithCert(aliceCert) + .withKey(aliceKey) + .withKeyPassword(alicePassword) + .ciphertext(signed) + .toByteArrayAndResult() + ); + } }