ECDSA S/MIME support

M66B 2020-09-27 19:16:15 +02:00
parent 36538e2881
commit edd98b0b57
1 changed files with 19 additions and 2 deletions


@ -127,7 +127,9 @@ import org.bouncycastle.cms.RecipientInfoGenerator;
import org.bouncycastle.cms.SignerInfoGenerator; import org.bouncycastle.cms.SignerInfoGenerator;
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.OperatorCreationException;
@ -159,6 +161,7 @@ import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.text.Collator; import java.text.Collator;
@ -2720,6 +2723,8 @@ public class FragmentCompose extends FragmentBase {
Log.i("Private key algorithm=" + algorithm); Log.i("Private key algorithm=" + algorithm);
if (TextUtils.isEmpty(algorithm)) if (TextUtils.isEmpty(algorithm))
algorithm = "RSA"; algorithm = "RSA";
else if ("EC".equals(algorithm))
algorithm = "ECDSA";
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256with" + algorithm) ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256with" + algorithm)
.build(privkey); .build(privkey);
@ -2829,9 +2834,21 @@ public class FragmentCompose extends FragmentBase {
// Encrypt // Encrypt
CMSEnvelopedDataGenerator cmsEnvelopedDataGenerator = new CMSEnvelopedDataGenerator(); CMSEnvelopedDataGenerator cmsEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
for (X509Certificate cert : certs) { if ("EC".equals(privkey.getAlgorithm())) {
RecipientInfoGenerator gen = new JceKeyTransRecipientInfoGenerator(cert); Security.addProvider(new BouncyCastleProvider());
JceKeyAgreeRecipientInfoGenerator gen = new JceKeyAgreeRecipientInfoGenerator(
CMSAlgorithm.ECDH_SHA256KDF,
privkey,
chain[0].getPublicKey(),
CMSAlgorithm.AES128_WRAP);
for (X509Certificate cert : certs)
gen.addRecipient(cert);
cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen); cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen);
} else {
for (X509Certificate cert : certs) {
RecipientInfoGenerator gen = new JceKeyTransRecipientInfoGenerator(cert);
cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen);
}
} }
File einput = new File(context.getCacheDir(), "smime_encrypt." + draft.id); File einput = new File(context.getCacheDir(), "smime_encrypt." + draft.id);
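Review bot: The EC branch in the encrypt hunk is chosen by `privkey.getAlgorithm()`, which is the sender's key, so an EC sender with an RSA recipient certificate goes through `JceKeyAgreeRecipientInfoGenerator.addRecipient(cert)`, and an RSA sender with an EC recipient still goes through `JceKeyTransRecipientInfoGenerator`. The choice should follow each recipient certificate's `cert.getPublicKey().getAlgorithm()`. The branch also passes the long-term `privkey` and `chain[0].getPublicKey()` as the originator pair for `CMSAlgorithm.ECDH_SHA256KDF`, a single-pass scheme for which RFC 5753 expects a fresh ephemeral originator key per message. If this is the same `privkey` that the signing hunk hands to `JcaContentSignerBuilder`, one key would serve both signing and key agreement. `Security.addProvider(new BouncyCastleProvider())` runs on every encryption with its return value ignored, and on Android a provider named "BC" is usually already registered, so the call may return -1 without installing the bundled provider; passing the provider through the generator's `setProvider` would be more predictable. The enclosing method starts and ends outside the hunk, so the contents of `certs` cannot be confirmed from here.

```java
// … unchanged: CMSEnvelopedDataGenerator construction …
for (X509Certificate cert : certs) {
    PublicKey recipientKey = cert.getPublicKey();
    if ("EC".equals(recipientKey.getAlgorithm())) {
        // Fresh originator key on the recipient's curve for every message
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(((ECPublicKey) recipientKey).getParams());
        KeyPair ephemeral = kpg.generateKeyPair();
        JceKeyAgreeRecipientInfoGenerator gen = new JceKeyAgreeRecipientInfoGenerator(
                CMSAlgorithm.ECDH_SHA256KDF,
                ephemeral.getPrivate(),
                ephemeral.getPublic(),
                CMSAlgorithm.AES128_WRAP);
        gen.addRecipient(cert);
        cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen);
    } else {
        // … unchanged: JceKeyTransRecipientInfoGenerator for this recipient …
    }
}
```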