mirror of
https://github.com/M66B/FairEmail.git
synced 2024-12-25 01:06:04 +00:00
ECDSA cannot be used for encryption
This commit is contained in:
parent
b87dda9174
commit
9f32ca6fba
1 changed files with 2 additions and 12 deletions
|
@ -127,9 +127,7 @@ import org.bouncycastle.cms.RecipientInfoGenerator;
|
|||
import org.bouncycastle.cms.SignerInfoGenerator;
|
||||
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
|
||||
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
|
||||
import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
|
||||
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.bouncycastle.operator.ContentSigner;
|
||||
import org.bouncycastle.operator.DigestCalculatorProvider;
|
||||
import org.bouncycastle.operator.OperatorCreationException;
|
||||
|
@ -161,7 +159,6 @@ import java.nio.charset.StandardCharsets;
|
|||
import java.security.GeneralSecurityException;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.Security;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.text.Collator;
|
||||
|
@ -2835,15 +2832,8 @@ public class FragmentCompose extends FragmentBase {
|
|||
// Encrypt
|
||||
CMSEnvelopedDataGenerator cmsEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
|
||||
if ("EC".equals(privkey.getAlgorithm())) {
|
||||
Security.addProvider(new BouncyCastleProvider());
|
||||
JceKeyAgreeRecipientInfoGenerator gen = new JceKeyAgreeRecipientInfoGenerator(
|
||||
CMSAlgorithm.ECDH_SHA256KDF,
|
||||
privkey,
|
||||
chain[0].getPublicKey(),
|
||||
CMSAlgorithm.AES128_WRAP);
|
||||
for (X509Certificate cert : certs)
|
||||
gen.addRecipient(cert);
|
||||
cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen);
|
||||
// https://security.stackexchange.com/a/53960
|
||||
throw new IllegalArgumentException("ECDSA cannot be used for encryption");
|
||||
} else {
|
||||
for (X509Certificate cert : certs) {
|
||||
RecipientInfoGenerator gen = new JceKeyTransRecipientInfoGenerator(cert);
|
||||
|
|
Loading…
Reference in a new issue