Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PGPSecretKey.copyWithNewPassword defaults to S2K USAGE_CHECKSUM #1020

Closed
vanitasvitae opened this issue Sep 8, 2021 · 1 comment
Closed

PGPSecretKey.copyWithNewPassword defaults to S2K USAGE_CHECKSUM #1020

vanitasvitae opened this issue Sep 8, 2021 · 1 comment

Comments

@vanitasvitae
Copy link
Contributor

Hey!

When setting a passphrase on a key which previously was unencrypted, BC chooses S2K usage USAGE_CHECKSUM which is not an ideal choice.

OpenPGP.js for instance rejects this S2K usage as insecure.

Could you instead change the implementation of PGPSecretKey.copyWithNewPassword() to default to USAGE_SHA1 as default if the previous usage was NONE?
@vanitasvitae vanitasvitae mentioned this issue Sep 8, 2021
Closed
@dghgit
Copy link
Contributor

dghgit commented Nov 25, 2021

This is now done. I needed to add an extra method to allow a PGPDigestCalculator to do it first. In line with the current RFC only SHA-1 is accepted for it. Should show up on github soon.

@dghgit dghgit closed this as completed Nov 25, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vanitasvitae @dghgit