1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-23 03:17:58 +01:00

Use BCs PGPEncryptedDataList.extractSessionKeyEncryptedData() for decryption with session key

This commit is contained in:
Paul Schaub 2022-11-03 13:04:13 +01:00
parent f80b3e0cdb
commit 59e81dc514

View file

@ -33,6 +33,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSessionKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList; import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory; import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory;
@ -444,29 +445,14 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData( MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
sessionKey.getAlgorithm(), metadata.depth + 1); sessionKey.getAlgorithm(), metadata.depth + 1);
PGPSessionKeyEncryptedData sessionKeyEncryptedData = encDataList.extractSessionKeyEncryptedData();
try { try {
// TODO: Use BCs new API once shipped InputStream decrypted = sessionKeyEncryptedData.getDataStream(decryptorFactory);
// see https://github.com/bcgit/bc-java/pull/1228 (discussion) encryptedData.sessionKey = sessionKey;
PGPEncryptedData esk = esks.all().get(0); IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, sessionKeyEncryptedData, options);
if (esk instanceof PGPPBEEncryptedData) { nestedInputStream = new OpenPgpMessageInputStream(integrityProtected, options, encryptedData, policy);
PGPPBEEncryptedData skesk = (PGPPBEEncryptedData) esk; LOGGER.debug("Successfully decrypted data with provided session key");
InputStream decrypted = skesk.getDataStream(decryptorFactory); return true;
encryptedData.sessionKey = sessionKey;
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, skesk, options);
nestedInputStream = new OpenPgpMessageInputStream(integrityProtected, options, encryptedData, policy);
LOGGER.debug("Successfully decrypted data with provided session key");
return true;
} else if (esk instanceof PGPPublicKeyEncryptedData) {
PGPPublicKeyEncryptedData pkesk = (PGPPublicKeyEncryptedData) esk;
InputStream decrypted = pkesk.getDataStream(decryptorFactory);
encryptedData.sessionKey = sessionKey;
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
nestedInputStream = new OpenPgpMessageInputStream(integrityProtected, options, encryptedData, policy);
LOGGER.debug("Successfully decrypted data with provided session key");
return true;
} else {
throw new RuntimeException("Unknown ESK class type: " + esk.getClass().getName());
}
} catch (PGPException e) { } catch (PGPException e) {
// Session key mismatch? // Session key mismatch?
LOGGER.debug("Decryption using provided session key failed. Mismatched session key and message?", e); LOGGER.debug("Decryption using provided session key failed. Mismatched session key and message?", e);