Prevent message decryption using non-encryption key

2024-11-23 04:42:06 +01:00 · 2021-12-13 12:27:32 +01:00 · 2021-12-13 12:27:32 +01:00 · 80e12db8b6
commit 80e12db8b6
parent e59a8884c1
1 changed files with 16 additions and 1 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
@ -393,7 +393,22 @@ public final class DecryptionStreamFactory {
                    continue;
                }

-                PGPSecretKey secretKey = secretKeys.getSecretKey(keyId);
+                // Make sure that the recipient key is encryption capable and non-expired
+                KeyRingInfo info = new KeyRingInfo(secretKeys);
+                List<PGPPublicKey> encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY);
+
+                PGPSecretKey secretKey = null;
+                for (PGPPublicKey pubkey : encryptionSubkeys) {
+                    if (pubkey.getKeyID() == keyId) {
+                        secretKey = secretKeys.getSecretKey(keyId);
+                        break;
+                    }
+                }
+
+                if (secretKey == null) {
+                    LOGGER.debug("Key " + Long.toHexString(keyId) + " is not valid or not capable for decryption.");
+                }
+
                privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, true);
            }
            if (privateKey == null) {