Allow Salted S2K for high-entropy passphrases (#219)
Partially reverts #213 by
allowing Salted S2K for high-entropy passphrases, as already enforced
by openpgp/s2k/s2k.go:195.
twiss authored Jul 18, 2024
1 parent ad60d74 commit 1da78a7
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion openpgp/packet/private_key.go
Expand Up @@ -668,7 +668,8 @@ func (pk *PrivateKey) encrypt(key []byte, params *s2k.Params, s2kType S2KType, c
if params.Mode() == s2k.Argon2S2K && s2kType != S2KAEAD {
return errors.InvalidArgumentError("using Argon2 S2K without AEAD is not allowed")
}
if params.Mode() != s2k.Argon2S2K && params.Mode() != s2k.IteratedSaltedS2K {
if params.Mode() != s2k.Argon2S2K && params.Mode() != s2k.IteratedSaltedS2K &&
params.Mode() != s2k.SaltedS2K { // only allowed for high-entropy passphrases
return errors.InvalidArgumentError("insecure S2K mode")
}
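
Review bot: The inline comment on the new `params.Mode() != s2k.SaltedS2K` clause says Salted S2K is "only allowed for high-entropy passphrases", but nothing in this condition checks that, so encrypt() now accepts SaltedS2K unconditionally and depends on the check that the commit message places at openpgp/s2k/s2k.go:195. Suggest the comment state where the restriction is enforced, naming the function rather than a line number that will drift, so a reader of this file can see why the mode is safe to admit here. A test that calls encrypt() with SaltedS2K params would also pin the behaviour, so that a later change in the s2k package cannot silently leave this path open to ordinary passphrases while the guard still returns only the generic "insecure S2K mode" for the modes it rejects.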
