diff --git a/SendSafelyAPI/lib/bcpg-jdk15on-1.65.jar b/SendSafelyAPI/lib/bcpg-jdk15on-1.65.jar new file mode 100644 index 0000000..25e660f Binary files /dev/null and b/SendSafelyAPI/lib/bcpg-jdk15on-1.65.jar differ diff --git a/SendSafelyAPI/lib/bcpg-jdk15on-151.jar b/SendSafelyAPI/lib/bcpg-jdk15on-151.jar deleted file mode 100644 index ecf7baa..0000000 Binary files a/SendSafelyAPI/lib/bcpg-jdk15on-151.jar and /dev/null differ diff --git a/SendSafelyAPI/lib/bcprov-jdk15on-1.65.jar b/SendSafelyAPI/lib/bcprov-jdk15on-1.65.jar new file mode 100644 index 0000000..32a83c7 Binary files /dev/null and b/SendSafelyAPI/lib/bcprov-jdk15on-1.65.jar differ diff --git a/SendSafelyAPI/lib/bcprov-jdk15on-151.jar b/SendSafelyAPI/lib/bcprov-jdk15on-151.jar deleted file mode 100644 index 4076e11..0000000 Binary files a/SendSafelyAPI/lib/bcprov-jdk15on-151.jar and /dev/null differ diff --git a/SendSafelyAPI/src/com/sendsafely/utils/CryptoUtil.java b/SendSafelyAPI/src/com/sendsafely/utils/CryptoUtil.java index e9ed8fa..a0750a5 100644 --- a/SendSafelyAPI/src/com/sendsafely/utils/CryptoUtil.java +++ b/SendSafelyAPI/src/com/sendsafely/utils/CryptoUtil.java @@ -48,9 +48,11 @@ import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPUtil; +import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator; import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory; import org.bouncycastle.openpgp.operator.PGPDigestCalculator; import org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator; +import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator; import org.bouncycastle.openpgp.operator.bc.BcPBEDataDecryptorFactory; import org.bouncycastle.openpgp.operator.bc.BcPBEKeyEncryptionMethodGenerator; import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder; @@ -75,6 +77,7 @@ public class CryptoUtil { private static final int RsaKeySize = 2048; + private static final KeyFingerPrintCalculator KEY_FINGERPRINT_CALCULATOR = new BcKeyFingerprintCalculator(); public static String createChecksum(String keyCode, String packageCode) { @@ -247,7 +250,7 @@ public static String decryptKeycode(String privateKey, String encryptedKeycode) try { - PGPObjectFactory pgpF = new PGPObjectFactory(in); + PGPObjectFactory pgpF = new PGPObjectFactory(in, KEY_FINGERPRINT_CALCULATOR); PGPEncryptedDataList enc; Object o = pgpF.nextObject(); @@ -266,7 +269,7 @@ public static String decryptKeycode(String privateKey, String encryptedKeycode) Iterator it = enc.getEncryptedDataObjects(); PGPPrivateKey sKey = null; PGPPublicKeyEncryptedData pbe = null; - PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyIn)); + PGPSecretKeyRingCollection pgpSec = new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyIn), KEY_FINGERPRINT_CALCULATOR); while (sKey == null && it.hasNext()) { @@ -280,7 +283,7 @@ public static String decryptKeycode(String privateKey, String encryptedKeycode) } InputStream clear = pbe.getDataStream(new BcPublicKeyDataDecryptorFactory(sKey)); - PGPObjectFactory plainFact = new PGPObjectFactory(clear); + PGPObjectFactory plainFact = new PGPObjectFactory(clear, KEY_FINGERPRINT_CALCULATOR); Object message = plainFact.nextObject(); if (message instanceof PGPLiteralData) @@ -325,7 +328,7 @@ public static String encryptKeycode(String publicKeyStr, String keycode) throws try { InputStream in=new ByteArrayInputStream(publicKeyStr.getBytes()); in = PGPUtil.getDecoderStream(in); - PGPPublicKeyRingCollection pgpPub = new PGPPublicKeyRingCollection(in); + PGPPublicKeyRingCollection pgpPub = new PGPPublicKeyRingCollection(in, KEY_FINGERPRINT_CALCULATOR); PGPPublicKey key = null; Iterator rIt = pgpPub.getKeyRings(); while (key == null && rIt.hasNext()) { @@ -387,7 +390,7 @@ public static String encryptKeycode(String publicKeyStr, String keycode) throws public static void decryptFile(InputStream input, OutputStream output, String decryptionKey, Progress progress) throws IOException, PGPException { input = PGPUtil.getDecoderStream(input); - PGPObjectFactory pgpF = new PGPObjectFactory(input); + PGPObjectFactory pgpF = new PGPObjectFactory(input, KEY_FINGERPRINT_CALCULATOR); PGPEncryptedDataList enc; Object o = pgpF.nextObject(); @@ -405,14 +408,14 @@ public static void decryptFile(InputStream input, OutputStream output, String de PBEDataDecryptorFactory pdf = new BcPBEDataDecryptorFactory(decryptionKey.toCharArray(), bcPgp); InputStream clear = pbe.getDataStream(pdf); - PGPObjectFactory pgpFact = new PGPObjectFactory(clear); + PGPObjectFactory pgpFact = new PGPObjectFactory(clear, KEY_FINGERPRINT_CALCULATOR); o = pgpFact.nextObject(); if (o instanceof PGPCompressedData) { PGPCompressedData cData = (PGPCompressedData) o; - pgpFact = new PGPObjectFactory(cData.getDataStream()); + pgpFact = new PGPObjectFactory(cData.getDataStream(), KEY_FINGERPRINT_CALCULATOR); o = pgpFact.nextObject(); } @@ -455,7 +458,7 @@ public static String decryptMessage(String message, String decryptionKey) throws InputStream in = new ByteArrayInputStream(encrypted); in = PGPUtil.getDecoderStream(in); - PGPObjectFactory pgpF = new PGPObjectFactory(in); + PGPObjectFactory pgpF = new PGPObjectFactory(in, KEY_FINGERPRINT_CALCULATOR); PGPEncryptedDataList enc = null; Object o = pgpF.nextObject(); @@ -474,7 +477,7 @@ public static String decryptMessage(String message, String decryptionKey) throws PBEDataDecryptorFactory pdf = new BcPBEDataDecryptorFactory(decryptionKey.toCharArray(), bcPgp); InputStream clear = pbe.getDataStream(pdf); - PGPObjectFactory pgpFact = new PGPObjectFactory(clear); + PGPObjectFactory pgpFact = new PGPObjectFactory(clear, KEY_FINGERPRINT_CALCULATOR); PGPLiteralData ld = (PGPLiteralData)pgpFact.nextObject();