diff options
| author | Thomas Wolf <thomas.wolf@paranor.ch> | 2021-01-24 02:13:43 +0100 |
|---|---|---|
| committer | Matthias Sohn <matthias.sohn@sap.com> | 2021-02-19 18:24:47 -0500 |
| commit | bdc48aeac756cc0471618b06d793083e63109ee0 (patch) | |
| tree | 9f6cb3fb0bb543cfd0486e7c3cb36715942b8030 /README.md | |
| parent | a14455dfd7ac61e13f2ea8c7d789463efd8eeb72 (diff) | |
| download | jgit-bdc48aeac756cc0471618b06d793083e63109ee0.tar.gz jgit-bdc48aeac756cc0471618b06d793083e63109ee0.zip | |
GPG: handle extended private key format
Add detection for the key-value pair format that was available in
gpg-agent for some time already and that has become the default since
gpg-agent 2.2.20. If a secret key in the .gnupg/private-keys-v1.d
directory is found to have this format, extract the human-readable key
from it, convert it to the binary serialized form and hand that to
BouncyCastle.
Encrypted keys in the new format may use AES/OCB. OCB is a patent-
encumbered algorithm; although there is a license for open-source
software, that may not be good enough and OCB may not be available in
Java. It is not available in the default security provider in Java,
and it is also not available in the BouncyCastle version included in
Eclipse.
Implement AES/OCB decryption, throwing a PGPException with a nice
message if the algorithm is not available. Include a copy of the normal
s-expression parser of BouncyCastle and fix it to properly handle data
from such keys: such keys do not contain an internal hash since the
AES/OCB cipher includes and checks a MAC already.
Bug: 570501
Change-Id: Ifa6391a809a84cfc6ae7c6610af6a79204b4143b
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'README.md')
0 files changed, 0 insertions, 0 deletions