8000 Fix PGPSecretKey.copyWithNewPassword() for AEAD by vanitasvitae · Pull Request #1882 · bcgit/bc-java · GitHub
[go: up one dir, main page]
Skip to content

Fix PGPSecretKey.copyWithNewPassword() for AEAD #1882

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Fix PGPSecretKey.copyWithNewPassword() for AEAD #1882

Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
64732e3
Add test for reencryption using AEAD
vanitasvitae Oct 25, 2024
fe12757
PGPSecretKey.copyWithNewPassword: Fix S2KUsage if newKeyEncryptor is …
vanitasvitae Oct 25, 2024
efaa203
Fix NPE in copyWithNewPassword
vanitasvitae Oct 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Add test for reencryption using AEAD
  • Loading branch information
@vanitasvitae
vanitasvitae committed Oct 25, 2024
commit 64732e3f04bf9d01d5885cd0afdff9f2fc8e8c5c
57 changes: 57 additions & 0 deletions pg/src/test/java/org/bouncycastle/openpgp/test/AEADProtectedPGPSecretKeyTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,12 @@
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.openpgp.operator.PBESecretKeyEncryptor;
import org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.bc.BcAEADSecretKeyEncryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyEncryptorBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.bc.BcPGPKeyPair;
import org.bouncycastle.openpgp.operator.jcajce.JcaAEADSecretKeyEncryptorBuilder;
Expand Down Expand Up @@ -65,6 +68,8 @@ public void performTest()

testUnlockKeyWithWrongPassphraseBc();
testUnlockKeyWithWrongPassphraseJca();

reencryptKey();
}

private void unlockTestVector()
Expand Down Expand Up @@ -358,6 +363,58 @@ private void lockUnlockKeyJca(
keyPair.getPrivateKey().getPrivateKeyDataPacket().getEncoded(), dec.getPrivateKeyDataPacket().getEncoded());
}

private void reencryptKey() throws PGPException {
reencryptKeyBc();
reencryptKeyJca();
}

private void reencryptKeyJca()
{

}

private void reencryptKeyBc()
throws PGPException
{
Ed25519KeyPairGenerator gen = new Ed25519KeyPairGenerator();
gen.init(new Ed25519KeyGenerationParameters(new SecureRandom()));
AsymmetricCipherKeyPair kp = gen.generateKeyPair();
Date creationTime = currentTimeRounded();
String passphrase = "recycle";
PGPKeyPair keyPair = new BcPGPKeyPair(PublicKeyPacket.VERSION_6, PublicKeyAlgorithmTags.Ed25519, kp, creationTime);

PBESecretKeyEncryptor cfbEncBuilder = new BcPBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_128)
.build(passphrase.toCharArray());
PGPDigestCalculatorProvider digestProv = new BcPGPDigestCalculatorProvider();

// Encrypt key using CFB mode
PGPSecretKey cfbEncKey = new PGPSecretKey(
keyPair.getPrivateKey(),
keyPair.getPublicKey(),
digestProv.get(HashAlgorithmTags.SHA1),
true,
cfbEncBuilder);

PBESecretKeyDecryptor cfbDecryptor = new BcPBESecretKeyDecryptorBuilder(digestProv)
.build(passphrase.toCharArray());

BcAEADSecretKeyEncryptorBuilder aeadEncBuilder = new BcAEADSecretKeyEncryptorBuilder(
AEADAlgorithmTags.OCB, SymmetricKeyAlgorithmTags.AES_128,
S2K.Argon2Params.memoryConstrainedParameters());

// Reencrypt key using AEAD
PGPSecretKey aeadEncKey = PGPSecretKey.copyWithNewPassword(
cfbEncKey,
cfbDecryptor,
aeadEncBuilder.build(
passphrase.toCharArray(),
cfbEncKey.getPublicKey().getPublicKeyPacket()));

PBESecretKeyDecryptor aeadDecryptor = new BcPBESecretKeyDecryptorBuilder(digestProv)
.build(passphrase.toCharArray());
isNotNull(aeadEncKey.extractPrivateKey(aeadDecryptor));
}

public static void main(String[] args)
{
runTest(new AEADProtectedPGPSecretKeyTest());
Expand Down
0