Better selection of preferred algorithm

author: Dominik Schürmann <dominik@dominikschuermann.de> 2015-03-05 10:49:57 +0100
committer: Dominik Schürmann <dominik@dominikschuermann.de> 2015-03-05 10:49:57 +0100
commit: c121657c2cf17ecd3d59809ff86f758b7b1a592c (patch)
tree: d6c91a0418933a0466a3b6023bc286e864104ba9 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
parent: 8c8fdd6c495bb12f5c76c9d1fc4a6a44f1c3808b (diff)
download: open-keychain-c121657c2cf17ecd3d59809ff86f758b7b1a592c.tar.gz
open-keychain-c121657c2cf17ecd3d59809ff86f758b7b1a592c.tar.bz2
open-keychain-c121657c2cf17ecd3d59809ff86f758b7b1a592c.zip
1 files changed, 28 insertions, 10 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index 40f2f48ad..0fab4c747 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -20,6 +20,7 @@ package org.sufficientlysecure.keychain.pgp;
 
 import org.spongycastle.bcpg.HashAlgorithmTags;
 import org.spongycastle.bcpg.S2K;
+import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags;
 import org.spongycastle.openpgp.PGPException;
 import org.spongycastle.openpgp.PGPPrivateKey;
 import org.spongycastle.openpgp.PGPPublicKey;
@@ -137,7 +138,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
             // It means the passphrase is empty
             return SecretKeyType.PASSPHRASE_EMPTY;
         } catch (PGPException e) {
-            HashMap<String,String> notation = getRing().getLocalNotationData();
+            HashMap<String, String> notation = getRing().getLocalNotationData();
             if (notation.containsKey("unlock.pin@sufficientlysecure.org")
                     && "1".equals(notation.get("unlock.pin@sufficientlysecure.org"))) {
                 return SecretKeyType.PIN;
@@ -179,7 +180,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
      * Returns a list of all supported hash algorithms. This list is currently hardcoded to return
      * a limited set of algorithms supported by Yubikeys.
      *
-     * @return
+     * TODO: look into preferred algos of this key?
      */
     public LinkedList<Integer> getSupportedHashAlgorithms() {
         LinkedList<Integer> supported = new LinkedList<>();
@@ -187,24 +188,41 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
         if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
             // No support for MD5
             supported.add(HashAlgorithmTags.RIPEMD160);
-            supported.add(HashAlgorithmTags.SHA1);
+            // don't allow SHA1
             supported.add(HashAlgorithmTags.SHA224);
-            supported.add(HashAlgorithmTags.SHA256);
             supported.add(HashAlgorithmTags.SHA384);
-            supported.add(HashAlgorithmTags.SHA512); // preferred is latest
+            supported.add(HashAlgorithmTags.SHA512);
+            supported.add(HashAlgorithmTags.SHA256); // preferred is latest
         } else {
-            supported.add(HashAlgorithmTags.MD5);
+            // NOTE: List of hash algorithms OpenKeychain wants to support!
+
+            // don't allow MD5
             supported.add(HashAlgorithmTags.RIPEMD160);
-            supported.add(HashAlgorithmTags.SHA1);
+            // don't allow SHA1
             supported.add(HashAlgorithmTags.SHA224);
-            supported.add(HashAlgorithmTags.SHA256);
             supported.add(HashAlgorithmTags.SHA384);
-            supported.add(HashAlgorithmTags.SHA512); // preferred is latest
+            supported.add(HashAlgorithmTags.SHA512);
+            supported.add(HashAlgorithmTags.SHA256); // preferred is latest
+            // some application don't support SHA512, thus preferred is SHA-256 (Mailvelope?)
         }
 
         return supported;
     }
 
+    /**
+     * TODO: look into preferred algos of this key?
+     */
+    public static LinkedList<Integer> getSupportedEncryptionAlgorithms() {
+        LinkedList<Integer> supported = new LinkedList<>();
+
+        supported.add(SymmetricKeyAlgorithmTags.TWOFISH);
+        supported.add(SymmetricKeyAlgorithmTags.AES_128);
+        supported.add(SymmetricKeyAlgorithmTags.AES_192);
+        supported.add(SymmetricKeyAlgorithmTags.AES_256); // preferred is latest
+
+        return supported;
+    }
+
     private PGPContentSignerBuilder getContentSignerBuilder(int hashAlgo, byte[] nfcSignedHash,
                                                             Date nfcCreationTimestamp) {
         if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
@@ -358,7 +376,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
     }
 
     // HACK, for TESTING ONLY!!
-    PGPPrivateKey getPrivateKey () {
+    PGPPrivateKey getPrivateKey() {
         return mPrivateKey;
     }
author	Dominik Schürmann <dominik@dominikschuermann.de>	2015-03-05 10:49:57 +0100
committer	Dominik Schürmann <dominik@dominikschuermann.de>	2015-03-05 10:49:57 +0100
commit	c121657c2cf17ecd3d59809ff86f758b7b1a592c (patch)
tree	d6c91a0418933a0466a3b6023bc286e864104ba9 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
parent	8c8fdd6c495bb12f5c76c9d1fc4a6a44f1c3808b (diff)
download	open-keychain-c121657c2cf17ecd3d59809ff86f758b7b1a592c.tar.gz open-keychain-c121657c2cf17ecd3d59809ff86f758b7b1a592c.tar.bz2 open-keychain-c121657c2cf17ecd3d59809ff86f758b7b1a592c.zip