1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-23 04:42:06 +01:00

Prevent message decryption using non-encryption key

This commit is contained in:
Paul Schaub 2021-12-13 12:27:32 +01:00
parent e59a8884c1
commit 80e12db8b6
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -393,7 +393,22 @@ public final class DecryptionStreamFactory {
continue; continue;
} }
PGPSecretKey secretKey = secretKeys.getSecretKey(keyId); // Make sure that the recipient key is encryption capable and non-expired
KeyRingInfo info = new KeyRingInfo(secretKeys);
List<PGPPublicKey> encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY);
PGPSecretKey secretKey = null;
for (PGPPublicKey pubkey : encryptionSubkeys) {
if (pubkey.getKeyID() == keyId) {
secretKey = secretKeys.getSecretKey(keyId);
break;
}
}
if (secretKey == null) {
LOGGER.debug("Key " + Long.toHexString(keyId) + " is not valid or not capable for decryption.");
}
privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, true); privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, true);
} }
if (privateKey == null) { if (privateKey == null) {