slightly improve PgpKeyOperation logic

Vincent Breitmoser 2019-06-27 19:26:34 +02:00
parent 6cb773c45d
commit effa340c5c


@ -1161,7 +1161,7 @@ public class PgpKeyOperation {
} }
@Nullable @Nullable
private PBESecretKeyEncryptor buildKeyEncryptorFromPassphrase(Passphrase passphrase) throws PGPException { private static PBESecretKeyEncryptor buildKeyEncryptorFromPassphrase(Passphrase passphrase) throws PGPException {
if (passphrase == null || passphrase.isEmpty()) { if (passphrase == null || passphrase.isEmpty()) {
return null; return null;
} }
@ -1344,19 +1344,11 @@ public class PgpKeyOperation {
Passphrase newPassphrase, Passphrase newPassphrase,
OperationLog log, int indent) throws PGPException { OperationLog log, int indent) throws PGPException {
PGPDigestCalculator encryptorHashCalc = new JcaPGPDigestCalculatorProviderBuilder().build()
.get(PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_HASH_ALGO);
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider( PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(
Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray()); Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray());
// Build key encryptor based on new passphrase // Build key encryptor based on new passphrase
PBESecretKeyEncryptor keyEncryptorNew = null; PBESecretKeyEncryptor keyEncryptor = buildKeyEncryptorFromPassphrase(newPassphrase);
if (newPassphrase != null && !newPassphrase.isEmpty()) {
keyEncryptorNew = new JcePBESecretKeyEncryptorBuilder(
PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO, encryptorHashCalc,
PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_S2K_COUNT)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME)
.build(newPassphrase.getCharArray());
}
boolean keysModified = false; boolean keysModified = false;
for (PGPSecretKey sKey : new IterableIterator<>(sKR.getSecretKeys())) { for (PGPSecretKey sKey : new IterableIterator<>(sKR.getSecretKeys())) {
@ -1367,7 +1359,7 @@ public class PgpKeyOperation {
try { try {
// try to set new passphrase // try to set new passphrase
sKey = PGPSecretKey.copyWithNewPassword(sKey, keyDecryptor, keyEncryptorNew); sKey = PGPSecretKey.copyWithNewPassword(sKey, keyDecryptor, keyEncryptor);
ok = true; ok = true;
} catch (PGPException e) { } catch (PGPException e) {
@ -1384,7 +1376,7 @@ public class PgpKeyOperation {
PBESecretKeyDecryptor emptyDecryptor = PBESecretKeyDecryptor emptyDecryptor =
new JcePBESecretKeyDecryptorBuilder().setProvider( new JcePBESecretKeyDecryptorBuilder().setProvider(
Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray()); Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray());
sKey = PGPSecretKey.copyWithNewPassword(sKey, emptyDecryptor, keyEncryptorNew); sKey = PGPSecretKey.copyWithNewPassword(sKey, emptyDecryptor, keyEncryptor);
ok = true; ok = true;
} catch (PGPException e2) { } catch (PGPException e2) {
// non-fatal but not ok, handled below // non-fatal but not ok, handled below
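Review bot: At the replaced call site in the second hunk, `buildKeyEncryptorFromPassphrase(newPassphrase)` returns null for a null or empty passphrase, and that null then flows into both `PGPSecretKey.copyWithNewPassword` calls, which as far as I know makes Bouncy Castle write the secret key without passphrase protection; the existing comment does not say so. I would extend it to `// Build key encryptor based on new passphrase; null for an empty passphrase, which leaves the secret key material unprotected`. The helper's body past its null check lies outside the first hunk, so it is worth confirming that it still uses `PgpSecurityConstants.SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO`, `SECRET_KEY_ENCRYPTOR_HASH_ALGO` and `SECRET_KEY_ENCRYPTOR_S2K_COUNT`, as the removed inline builder did, so that a passphrase change does not alter the key's protection parameters. The enclosing method starts and ends outside the hunks shown.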