Always encrypt keys using AES

Even if they were previously encrypted using another algorithm.
Daniel Huigens 2019-11-18 13:40:40 +01:00
parent 5bf0f96163
commit e20d727d76


@ -68,12 +68,12 @@ function SecretKey(date = new Date()) {
* Symmetric algorithm * Symmetric algorithm
* @type {String} * @type {String}
*/ */
this.symmetric = 'aes256'; this.symmetric = null;
/** /**
* AEAD algorithm * AEAD algorithm
* @type {String} * @type {String}
*/ */
this.aead = 'eax'; this.aead = null;
} }
SecretKey.prototype = new PublicKey(); SecretKey.prototype = new PublicKey();
@ -287,12 +287,14 @@ SecretKey.prototype.encrypt = async function (passphrase) {
this.s2k = new type_s2k(); this.s2k = new type_s2k();
this.s2k.salt = await crypto.random.getRandomBytes(8); this.s2k.salt = await crypto.random.getRandomBytes(8);
const cleartext = write_cleartext_params(this.params, this.algorithm); const cleartext = write_cleartext_params(this.params, this.algorithm);
this.symmetric = 'aes256';
const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric); const key = await produceEncryptionKey(this.s2k, passphrase, this.symmetric);
const blockLen = crypto.cipher[this.symmetric].blockSize; const blockLen = crypto.cipher[this.symmetric].blockSize;
this.iv = await crypto.random.getRandomBytes(blockLen); this.iv = await crypto.random.getRandomBytes(blockLen);
if (this.version === 5) { if (this.version === 5) {
this.s2k_usage = 253; this.s2k_usage = 253;
this.aead = 'eax';
const mode = crypto[this.aead]; const mode = crypto[this.aead];
const modeInstance = await mode(this.symmetric, key); const modeInstance = await mode(this.symmetric, key);
this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array()); this.keyMaterial = await modeInstance.encrypt(cleartext, this.iv.subarray(0, mode.ivLength), new Uint8Array());
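Review bot: In `encrypt()`, the cipher and AEAD mode are now pinned by bare string literals (`this.symmetric = 'aes256';`, `this.aead = 'eax';`) with no comment saying the overwrite is deliberate, so a later reader could "restore" the parsed algorithm and silently bring back re-protection under a legacy cipher. I would add `// Always re-protect with AES-256, even if the key was parsed with another cipher` above the first assignment. The constructor JSDoc still says `@type {String}` for both fields although they now start as `null`; `@type {String|null}` would match the new defaults. `this.aead` is assigned only inside the `version === 5` branch, and the rest of `encrypt()` lies outside the hunk, so whether a previously parsed `aead` value can survive on the other branch should be checked there.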