From 80e12db8b683193fcf4c4365a37b21498c8dbac4 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 13 Dec 2021 12:27:32 +0100 Subject: [PATCH] Prevent message decryption using non-encryption key --- .../DecryptionStreamFactory.java | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java index d6864104..40c0af61 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java +++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java @@ -393,7 +393,22 @@ public final class DecryptionStreamFactory { continue; } - PGPSecretKey secretKey = secretKeys.getSecretKey(keyId); + // Make sure that the recipient key is encryption capable and non-expired + KeyRingInfo info = new KeyRingInfo(secretKeys); + List encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY); + + PGPSecretKey secretKey = null; + for (PGPPublicKey pubkey : encryptionSubkeys) { + if (pubkey.getKeyID() == keyId) { + secretKey = secretKeys.getSecretKey(keyId); + break; + } + } + + if (secretKey == null) { + LOGGER.debug("Key " + Long.toHexString(keyId) + " is not valid or not capable for decryption."); + } + privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, true); } if (privateKey == null) {