From 85c058fe1d9e7c5bee86ebd25ca5c4cec4d68739 Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser
Date: Tue, 30 Oct 2018 14:24:28 +0100
Subject: [PATCH] fix secret key export compatibility with gnupg
---
 .../keychain/pgp/PgpKeyOperation.java | 37 ++++++++++---------
 extern/bouncycastle | 2 +-
 2 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 47fdd57fa..ac56d5354 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -35,6 +35,8 @@ import java.util.List;
 import java.util.Stack;
 import java.util.concurrent.atomic.AtomicBoolean;
+import android.support.annotation.Nullable;
+
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.bcpg.ECDHPublicBCPGKey;
@@ -338,18 +340,10 @@ public class PgpKeyOperation { progress(R.string.progress_building_master_key, 40); - // Build key encrypter and decrypter based on passphrase - PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder() - .build().get(PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO); - PBESecretKeyEncryptor keyEncryptor = new JcePBESecretKeyEncryptorBuilder( - PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, - encryptorHashCalc, PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT) - .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray()); - PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder() .build().get(PgpSecurityConstants.SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO); PGPSecretKey masterSecretKey = new PGPSecretKey(keyPair.getPrivateKey(), keyPair.getPublicKey(), - sha1Calc, true, keyEncryptor); + sha1Calc, true, null); PGPSecretKeyRing sKR = new PGPSecretKeyRing( masterSecretKey.getEncoded(), new JcaKeyFingerprintCalculator()); @@ -1073,14 +1067,7 @@ public class PgpKeyOperation { } PGPSecretKey sKey; { - // Build key encrypter and decrypter based on passphrase - PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder() - .build().get(PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO); - PBESecretKeyEncryptor keyEncryptor = new JcePBESecretKeyEncryptorBuilder( - PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc, - PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT) - .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build( - cryptoInput.getPassphrase().getCharArray()); + PBESecretKeyEncryptor keyEncryptor = buildKeyEncryptorFromPassphrase(cryptoInput.getPassphrase()); PGPDigestCalculator sha1Calc = new JcaPGPDigestCalculatorProviderBuilder() .build().get(PgpSecurityConstants.SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO); 
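Review bot: In the `@@ -338,18 +340,10 @@` hunk the bare `null` passed as the last argument of `new PGPSecretKey(...)` carries no comment, yet it changes how the new master key is serialized: the removed code wrapped the key with an encryptor built from the empty passphrase, while the new line supplies no encryptor at all, so the secret key material is presumably written without any S2K protection. Judging by the commit title this is intentional, but the call site does not say so; I would add a comment above it such as `// no passphrase at creation time: a null encryptor deliberately leaves the key material unprotected (gnupg compatibility)`. How a null encryptor is handled may depend on the bundled bouncycastle revision bumped in this same patch, so a regression test that creates a key and checks the protection state of the resulting secret key would pin the behaviour. The enclosing method starts and ends outside the hunk.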
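Review bot: In the `@@ -1073,14 +1067,7 @@` hunk a missing passphrase no longer fails: the removed code would have thrown at `cryptoInput.getPassphrase().getCharArray()`, whereas `buildKeyEncryptorFromPassphrase` (added in the `@@ -1173,6 +1160,22 @@` hunk) maps both a `null` and an empty passphrase to a `null` encryptor. Unless an earlier check outside this hunk guarantees a non-null passphrase, a caller that never supplied one would get `sKey` built without passphrase protection instead of an error. I would keep the empty-passphrase case but reject the missing one, either by failing the operation before the call when `cryptoInput.getPassphrase() == null`, or by having the helper return `null` only for `passphrase.isEmpty()`. The block continues past the end of the hunk, so how `keyEncryptor` is consumed is not visible here.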
@@ -1173,6 +1160,22 @@ public class PgpKeyOperation {
 }
+ @Nullable
+ private PBESecretKeyEncryptor buildKeyEncryptorFromPassphrase(Passphrase passphrase) throws PGPException {
+ if (passphrase == null || passphrase.isEmpty()) {
+ return null;
+ }
+
+ PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder()
+ .build()
+ .get(PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO);
+ return new JcePBESecretKeyEncryptorBuilder(
+ PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO,
+ encryptorHashCalc, PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
+ .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME)
+ .build(passphrase.getCharArray());
+ }
+
 /** This method does the actual modifications in a keyring just like internal, except it
 * supports only the subset of operations which require no passphrase, and will error
 * otherwise.
diff --git a/extern/bouncycastle b/extern/bouncycastle
index 3872e5ebe..c260cecf0 160000
--- a/extern/bouncycastle
+++ b/extern/bouncycastle
@@ -1 +1 @@
-Subproject commit 3872e5ebe104985f85ebe3ab59bdd72939477913
+Subproject commit c260cecf0b80c986e7461f63d3c12aed72d4be4d
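Review bot: `buildKeyEncryptorFromPassphrase` in the `@@ -1173,6 +1160,22 @@` hunk has no Javadoc, and its `@Nullable` return carries a security meaning the annotation alone does not convey: `null` is not an error here, it is the signal for "no encryptor", i.e. the secret key is to be stored without passphrase protection. I would add a short Javadoc stating that the method returns `null` for a null or empty passphrase, that a `null` result is meant to be passed on as "no encryptor", and that otherwise the encryptor is built from the symmetric algorithm, hash and S2K count in `PgpSecurityConstants`. The method reads no instance state in the lines shown, so it could also be declared `static`.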