PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-23 04:42:06 +01:00
Code Issues Releases Wiki Activity

Prevent message decryption using non-encryption key

Browse source
This commit is contained in:
Paul Schaub 2021-12-13 12:27:32 +01:00
parent e59a8884c1
commit 80e12db8b6
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
1 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
View file

@ -393,7 +393,22 @@ public final class DecryptionStreamFactory {
continue; continue;
} }
PGPSecretKey secretKey = secretKeys.getSecretKey(keyId); // Make sure that the recipient key is encryption capable and non-expired
KeyRingInfo info = new KeyRingInfo(secretKeys);
List<PGPPublicKey> encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY);
PGPSecretKey secretKey = null;
for (PGPPublicKey pubkey : encryptionSubkeys) {
if (pubkey.getKeyID() == keyId) {
secretKey = secretKeys.getSecretKey(keyId);
break;
}
}
if (secretKey == null) {
LOGGER.debug("Key " + Long.toHexString(keyId) + " is not valid or not capable for decryption.");
}
privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, true); privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, true);
} }
if (privateKey == null) { if (privateKey == null) {