mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-23 03:17:58 +01:00
Use BCs PGPEncryptedDataList.extractSessionKeyEncryptedData() for decryption with session key
This commit is contained in:
parent
f80b3e0cdb
commit
59e81dc514
1 changed files with 8 additions and 22 deletions
|
@ -33,6 +33,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
|
||||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
|
import org.bouncycastle.openpgp.PGPSessionKeyEncryptedData;
|
||||||
import org.bouncycastle.openpgp.PGPSignature;
|
import org.bouncycastle.openpgp.PGPSignature;
|
||||||
import org.bouncycastle.openpgp.PGPSignatureList;
|
import org.bouncycastle.openpgp.PGPSignatureList;
|
||||||
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory;
|
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory;
|
||||||
|
@ -444,29 +445,14 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
||||||
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
|
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
|
||||||
sessionKey.getAlgorithm(), metadata.depth + 1);
|
sessionKey.getAlgorithm(), metadata.depth + 1);
|
||||||
|
|
||||||
|
PGPSessionKeyEncryptedData sessionKeyEncryptedData = encDataList.extractSessionKeyEncryptedData();
|
||||||
try {
|
try {
|
||||||
// TODO: Use BCs new API once shipped
|
InputStream decrypted = sessionKeyEncryptedData.getDataStream(decryptorFactory);
|
||||||
// see https://github.com/bcgit/bc-java/pull/1228 (discussion)
|
encryptedData.sessionKey = sessionKey;
|
||||||
PGPEncryptedData esk = esks.all().get(0);
|
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, sessionKeyEncryptedData, options);
|
||||||
if (esk instanceof PGPPBEEncryptedData) {
|
nestedInputStream = new OpenPgpMessageInputStream(integrityProtected, options, encryptedData, policy);
|
||||||
PGPPBEEncryptedData skesk = (PGPPBEEncryptedData) esk;
|
LOGGER.debug("Successfully decrypted data with provided session key");
|
||||||
InputStream decrypted = skesk.getDataStream(decryptorFactory);
|
return true;
|
||||||
encryptedData.sessionKey = sessionKey;
|
|
||||||
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, skesk, options);
|
|
||||||
nestedInputStream = new OpenPgpMessageInputStream(integrityProtected, options, encryptedData, policy);
|
|
||||||
LOGGER.debug("Successfully decrypted data with provided session key");
|
|
||||||
return true;
|
|
||||||
} else if (esk instanceof PGPPublicKeyEncryptedData) {
|
|
||||||
PGPPublicKeyEncryptedData pkesk = (PGPPublicKeyEncryptedData) esk;
|
|
||||||
InputStream decrypted = pkesk.getDataStream(decryptorFactory);
|
|
||||||
encryptedData.sessionKey = sessionKey;
|
|
||||||
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
|
|
||||||
nestedInputStream = new OpenPgpMessageInputStream(integrityProtected, options, encryptedData, policy);
|
|
||||||
LOGGER.debug("Successfully decrypted data with provided session key");
|
|
||||||
return true;
|
|
||||||
} else {
|
|
||||||
throw new RuntimeException("Unknown ESK class type: " + esk.getClass().getName());
|
|
||||||
}
|
|
||||||
} catch (PGPException e) {
|
} catch (PGPException e) {
|
||||||
// Session key mismatch?
|
// Session key mismatch?
|
||||||
LOGGER.debug("Decryption using provided session key failed. Mismatched session key and message?", e);
|
LOGGER.debug("Decryption using provided session key failed. Mismatched session key and message?", e);
|
||||||
|
|
Loading…
Reference in a new issue