slightly improve PgpKeyOperation logic
This commit is contained in:
parent
6cb773c45d
commit
effa340c5c
|
@ -1161,7 +1161,7 @@ public class PgpKeyOperation {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Nullable
|
@Nullable
|
||||||
private PBESecretKeyEncryptor buildKeyEncryptorFromPassphrase(Passphrase passphrase) throws PGPException {
|
private static PBESecretKeyEncryptor buildKeyEncryptorFromPassphrase(Passphrase passphrase) throws PGPException {
|
||||||
if (passphrase == null || passphrase.isEmpty()) {
|
if (passphrase == null || passphrase.isEmpty()) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
@ -1344,19 +1344,11 @@ public class PgpKeyOperation {
|
||||||
Passphrase newPassphrase,
|
Passphrase newPassphrase,
|
||||||
OperationLog log, int indent) throws PGPException {
|
OperationLog log, int indent) throws PGPException {
|
||||||
|
|
||||||
PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder().build()
|
|
||||||
.get(PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO);
|
|
||||||
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
|
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
|
||||||
Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray());
|
Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray());
|
||||||
// Build key encryptor based on new passphrase
|
// Build key encryptor based on new passphrase
|
||||||
PBESecretKeyEncryptor keyEncryptorNew = null;
|
PBESecretKeyEncryptor keyEncryptor = buildKeyEncryptorFromPassphrase(newPassphrase);
|
||||||
if (newPassphrase != null && !newPassphrase.isEmpty()) {
|
|
||||||
keyEncryptorNew = new JcePBESecretKeyEncryptorBuilder(
|
|
||||||
PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc,
|
|
||||||
PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
|
|
||||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME)
|
|
||||||
.build(newPassphrase.getCharArray());
|
|
||||||
}
|
|
||||||
boolean keysModified = false;
|
boolean keysModified = false;
|
||||||
|
|
||||||
for (PGPSecretKey sKey : new IterableIterator<>(sKR.getSecretKeys())) {
|
for (PGPSecretKey sKey : new IterableIterator<>(sKR.getSecretKeys())) {
|
||||||
|
@ -1367,7 +1359,7 @@ public class PgpKeyOperation {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// try to set new passphrase
|
// try to set new passphrase
|
||||||
sKey = PGPSecretKey.copyWithNewPassword(sKey, keyDecryptor, keyEncryptorNew);
|
sKey = PGPSecretKey.copyWithNewPassword(sKey, keyDecryptor, keyEncryptor);
|
||||||
ok = true;
|
ok = true;
|
||||||
} catch (PGPException e) {
|
} catch (PGPException e) {
|
||||||
|
|
||||||
|
@ -1384,7 +1376,7 @@ public class PgpKeyOperation {
|
||||||
PBESecretKeyDecryptor emptyDecryptor =
|
PBESecretKeyDecryptor emptyDecryptor =
|
||||||
new JcePBESecretKeyDecryptorBuilder().setProvider(
|
new JcePBESecretKeyDecryptorBuilder().setProvider(
|
||||||
Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
|
Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
|
||||||
sKey = PGPSecretKey.copyWithNewPassword(sKey, emptyDecryptor, keyEncryptorNew);
|
sKey = PGPSecretKey.copyWithNewPassword(sKey, emptyDecryptor, keyEncryptor);
|
||||||
ok = true;
|
ok = true;
|
||||||
} catch (PGPException e2) {
|
} catch (PGPException e2) {
|
||||||
// non-fatal but not ok, handled below
|
// non-fatal but not ok, handled below
|
||||||
|
|
Loading…
Reference in a new issue