Fix sop encrypt --sign-with allowing for protected keys

2025-09-10 10:49:39 +02:00 · 2022-06-19 17:50:31 +02:00 · 2022-06-19 17:50:31 +02:00 · d64e749f22
commit d64e749f22
parent 75455f1a3c
3 changed files with 43 additions and 14 deletions
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/EncryptDecryptRoundTripTest.java
@ -38,6 +38,7 @@ public class EncryptDecryptRoundTripTest {
        sop = new SOPImpl();
        aliceKey = sop.generateKey()
                .userId("Alice <alice@pgpainless.org>")
+                .withKeyPassword("wonderland.is.c00l")
                .generate()
                .getBytes();
        aliceCert = sop.extractCert()
@ -56,6 +57,7 @@ public class EncryptDecryptRoundTripTest {
    public void basicRoundTripWithKey() throws IOException, SOPGPException.KeyCannotSign {
        byte[] encrypted = sop.encrypt()
                .signWith(aliceKey)
+                .withKeyPassword("wonderland.is.c00l")
                .withCert(aliceCert)
                .withCert(bobCert)
                .plaintext(message)
@ -426,6 +428,15 @@ public class EncryptDecryptRoundTripTest {
        assertArrayEquals(message, bytesAndResult.getBytes());
    }

+    @Test
+    public void testEncryptWithWrongPassphraseThrowsKeyIsProtected() {
+        assertThrows(SOPGPException.KeyIsProtected.class, () -> sop.encrypt()
+                .withKeyPassword("falsePassphrase")
+                .signWith(aliceKey)
+                .withCert(bobCert)
+                .plaintext(message));
+    }
+
    @Test
    public void testDecryptionWithSessionKey_VerificationWithCert() throws IOException {
        byte[] plaintext = "This is a test message.\nSit back and relax.\n".getBytes(StandardCharsets.UTF_8);
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/IncapableKeysTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/IncapableKeysTest.java
@ -64,4 +64,9 @@ public class IncapableKeysTest {
        assertThrows(SOPGPException.KeyCannotSign.class, () -> sop.detachedSign().key(nonSigningKey));
        assertThrows(SOPGPException.KeyCannotSign.class, () -> sop.inlineSign().key(nonSigningKey));
    }
+
+    @Test
+    public void encryptAndSignWithNonSigningKeyFails() {
+        assertThrows(SOPGPException.KeyCannotSign.class, () -> sop.encrypt().signWith(nonSigningKey));
+    }
 }