1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2024-12-25 01:06:04 +00:00

Somebody likes to try

This commit is contained in:
M66B 2020-10-01 08:47:20 +02:00
parent 808a6b1877
commit 9f1d41ea42

View file

@ -127,6 +127,7 @@ import org.bouncycastle.cms.RecipientInfoGenerator;
import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculatorProvider;
@ -2832,8 +2833,16 @@ public class FragmentCompose extends FragmentBase {
// Encrypt
CMSEnvelopedDataGenerator cmsEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
if ("EC".equals(privkey.getAlgorithm())) {
JceKeyAgreeRecipientInfoGenerator gen = new JceKeyAgreeRecipientInfoGenerator(
CMSAlgorithm.ECDH_SHA256KDF,
privkey,
chain[0].getPublicKey(),
CMSAlgorithm.AES128_WRAP);
for (X509Certificate cert : certs)
gen.addRecipient(cert);
cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen);
// https://security.stackexchange.com/a/53960
throw new IllegalArgumentException("ECDSA cannot be used for encryption");
// throw new IllegalArgumentException("ECDSA cannot be used for encryption");
} else {
for (X509Certificate cert : certs) {
RecipientInfoGenerator gen = new JceKeyTransRecipientInfoGenerator(cert);