From 9f1d41ea42b8638c51b9107f276e3edb278a5895 Mon Sep 17 00:00:00 2001 From: M66B Date: Thu, 1 Oct 2020 08:47:20 +0200 Subject: [PATCH] Somebody likes to try --- .../main/java/eu/faircode/email/FragmentCompose.java | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/app/src/main/java/eu/faircode/email/FragmentCompose.java b/app/src/main/java/eu/faircode/email/FragmentCompose.java index 62ca67d60d..d56608dc27 100644 --- a/app/src/main/java/eu/faircode/email/FragmentCompose.java +++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java @@ -127,6 +127,7 @@ import org.bouncycastle.cms.RecipientInfoGenerator; import org.bouncycastle.cms.SignerInfoGenerator; import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; +import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator; import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.DigestCalculatorProvider; @@ -2832,8 +2833,16 @@ public class FragmentCompose extends FragmentBase { // Encrypt CMSEnvelopedDataGenerator cmsEnvelopedDataGenerator = new CMSEnvelopedDataGenerator(); if ("EC".equals(privkey.getAlgorithm())) { + JceKeyAgreeRecipientInfoGenerator gen = new JceKeyAgreeRecipientInfoGenerator( + CMSAlgorithm.ECDH_SHA256KDF, + privkey, + chain[0].getPublicKey(), + CMSAlgorithm.AES128_WRAP); + for (X509Certificate cert : certs) + gen.addRecipient(cert); + cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen); // https://security.stackexchange.com/a/53960 - throw new IllegalArgumentException("ECDSA cannot be used for encryption"); + // throw new IllegalArgumentException("ECDSA cannot be used for encryption"); } else { for (X509Certificate cert : certs) { RecipientInfoGenerator gen = new JceKeyTransRecipientInfoGenerator(cert);