mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-11-26 22:32:07 +01:00
Prevent message decryption using non-encryption key
parent
e59a8884c1
commit
80e12db8b6
1 changed files with 16 additions and 1 deletions
|
@ -393,7 +393,22 @@ public final class DecryptionStreamFactory {
|
|||
continue;
|
||||
}
|
||||
|
||||
PGPSecretKey secretKey = secretKeys.getSecretKey(keyId);
|
||||
// Make sure that the recipient key is encryption capable and non-expired
|
||||
KeyRingInfo info = new KeyRingInfo(secretKeys);
|
||||
List<PGPPublicKey> encryptionSubkeys = info.getEncryptionSubkeys(EncryptionPurpose.ANY);
|
||||
|
||||
PGPSecretKey secretKey = null;
|
||||
for (PGPPublicKey pubkey : encryptionSubkeys) {
|
||||
if (pubkey.getKeyID() == keyId) {
|
||||
secretKey = secretKeys.getSecretKey(keyId);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (secretKey == null) {
|
||||
LOGGER.debug("Key " + Long.toHexString(keyId) + " is not valid or not capable for decryption.");
|
||||
}
|
||||
|
||||
privateKey = tryPublicKeyDecryption(secretKeys, secretKey, publicKeyEncryptedData, postponedDueToMissingPassphrase, true);
|
||||
}
|
||||
if (privateKey == null) {
|
||||
|
|
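Review bot: When `keyId` does not match any encryption subkey, the new `if (secretKey == null)` branch only logs, and control still reaches `tryPublicKeyDecryption(secretKeys, secretKey, ...)` with a null `secretKey`. That helper is not visible in this hunk, so the rejection currently depends on how it treats null: it may throw a `NullPointerException` instead of cleanly skipping the key. Make the skip explicit by adding `continue;` after the `LOGGER.debug(...)` line, as the branch above the hunk does, or by moving the call into an `else`. The enclosing loop starts outside the hunk, so confirm that `continue` moves on to the next candidate key. A regression test that decrypts a message addressed to a signing-only key and expects the normal "no usable key" failure would pin this down.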