PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-09 18:29:39 +02:00
Code Issues Releases Wiki Activity

SOP encrypt --profile=rfc9580: Only override enc mechanism with seipd2 if exclusively symmetric encryption is used

Browse source
This commit is contained in:
Paul Schaub 2025-06-03 11:51:30 +02:00
parent 24887e2521
commit fd85f8e567
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/EncryptionOptions.kt
View file

@ -9,6 +9,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing
import org.bouncycastle.openpgp.api.MessageEncryptionMechanism import org.bouncycastle.openpgp.api.MessageEncryptionMechanism
import org.bouncycastle.openpgp.api.OpenPGPCertificate import org.bouncycastle.openpgp.api.OpenPGPCertificate
import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey import org.bouncycastle.openpgp.api.OpenPGPCertificate.OpenPGPComponentKey
import org.bouncycastle.openpgp.operator.PBEKeyEncryptionMethodGenerator
import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator
import org.pgpainless.PGPainless import org.pgpainless.PGPainless
import org.pgpainless.algorithm.EncryptionPurpose import org.pgpainless.algorithm.EncryptionPurpose
@ -427,6 +428,9 @@ class EncryptionOptions(private val purpose: EncryptionPurpose, private val api:
fun hasEncryptionMethod() = _encryptionMethods.isNotEmpty() fun hasEncryptionMethod() = _encryptionMethods.isNotEmpty()
fun usesOnlyPasswordBasedEncryption() =
_encryptionMethods.all { it is PBEKeyEncryptionMethodGenerator }
internal fun negotiateEncryptionMechanism(): MessageEncryptionMechanism { internal fun negotiateEncryptionMechanism(): MessageEncryptionMechanism {
if (encryptionMechanismOverride != null) { if (encryptionMechanismOverride != null) {
return encryptionMechanismOverride!! return encryptionMechanismOverride!!

3
pgpainless-sop/src/main/kotlin/org/pgpainless/sop/EncryptImpl.kt
View file

@ -63,7 +63,8 @@ class EncryptImpl(private val api: PGPainless) : Encrypt {
throw SOPGPException.MissingArg("Missing encryption method.") throw SOPGPException.MissingArg("Missing encryption method.")
} }
if (profile == RFC9580_PROFILE.name) { if (encryptionOptions.usesOnlyPasswordBasedEncryption() &&
profile == RFC9580_PROFILE.name) {
encryptionOptions.overrideEncryptionMechanism( encryptionOptions.overrideEncryptionMechanism(
MessageEncryptionMechanism.aead( MessageEncryptionMechanism.aead(
SymmetricKeyAlgorithm.AES_128.algorithmId, AEADAlgorithm.OCB.algorithmId)) SymmetricKeyAlgorithm.AES_128.algorithmId, AEADAlgorithm.OCB.algorithmId))