rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird
https://www.rnpgp.org

rnp_op_encrypt_execute always uses empty session key #983

Closed jpo234 closed 4 years ago

jpo234 commented 4 years ago

Description

When encrypting a message with rnp_op_encrypt_execute the session key is empty.

Steps to Reproduce

  1. call rnp_op_encrypt_execute and save the encrypted buffer to a file
  2. verify the file:
    rnp --list-packets ciphertext.rnp
    :off 0: packet header 0xc30d (tag 3, len 13)
    Symmetric-key encrypted session key packet
    version: 4
    symmetric algorithm: 9 (AES-256)
    s2k specifier: 3
    s2k hash algorithm: 8 (SHA256)
    s2k salt: 0x2cd1000e45aa83ae
    s2k iterations: 0 (1024)
    encrypted key: 0x (0 bytes)
    :off 15: packet header 0xd254 (tag 18, len 84)
    Symmetrically-encrypted integrity protected data packet

Expected Behavior

The encrypted session key must not be empty and should vary from run to run.

Actual Behavior

The encrypted session key is always empty.

enc_main.zip

jpo234 commented 4 years ago

I'm not sure about the empty session key. rnp --list-packets shows a zero-length key for gpg encrypted messages, too. The actual problem might be in rnp --list-packets.

jpo234 commented 4 years ago

Or I'm mistaken and the following part from RFC4880 applies:

If the encrypted session key is not present (which can be detected on the basis of packet length and S2K specifier size), then the S2K algorithm applied to the passphrase produces the session key for decrypting the file, using the symmetric cipher algorithm from the Symmetric-Key Encrypted Session Key packet.
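The RFC 4880 rule quoted above can be checked directly against the packet bytes in the report. The following is an added example (not RNP's code and not the reporter's attachment) that parses a Symmetric-Key Encrypted Session Key packet, decides whether the encrypted-key field is present from the packet length and the S2K specifier size, and runs the iterated+salted S2K (RFC 4880 §3.7.1.3) to show which role the S2K output plays in each case. The first byte string is constructed from the 15 bytes that `rnp --list-packets` listed; the second packet, the dummy key bytes and the passphrase are constructed for illustration and are not from the issue.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed from the listing in the issue: new-format header 0xc3 0x0d (tag 3, len 13),
# v4, cipher 9 (AES-256), S2K type 3 (iterated+salted), hash 8 (SHA-256), 8-byte salt,
# coded count 0 (= 1024 octets). Body is exactly 13 bytes, so no encrypted key follows.
SKESK_NO_KEY = bytes.fromhex("c30d" "04" "09" "03" "08" "2cd1000e45aa83ae" "00")

# Constructed contrast case: same S2K fields plus a dummy encrypted session key
# (1 cipher octet + 32 key octets, all filler). Body length 13 + 33 = 46 = 0x2e.
SKESK_WITH_KEY = bytes.fromhex("c32e" "04" "09" "03" "08" "2cd1000e45aa83ae" "00") + b"\xaa" * 33

HASH_NAMES = {1: "md5", 2: "sha1", 8: "sha256", 9: "sha384", 10: "sha512", 11: "sha224"}
SYM_KEY_SIZES = {7: 16, 8: 24, 9: 32}  # AES-128/192/256 (RFC 4880 section 9.2)


@dataclass
class Skesk:
    version: int
    sym_alg: int
    s2k_type: int
    hash_alg: int
    salt: Optional[bytes]
    count: Optional[int]            # decoded octet count, None for S2K types 0 and 1
    encrypted_key: Optional[bytes]  # None when the field is absent from the packet


def decode_s2k_count(coded: int) -> int:
    """RFC 4880 section 3.7.1.3: one-octet coded count -> number of octets to hash."""
    return (16 + (coded & 15)) << ((coded >> 4) + 6)


def parse_packet_header(data: bytes) -> tuple:
    """Return (tag, body_length, header_length); one- and two-octet lengths only."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:  # new-format header
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            return tag, first, 2
        if first < 224:
            return tag, ((first - 192) << 8) + data[2] + 192, 3
        raise ValueError("unsupported new-format length")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03  # old-format header
    if ltype == 0:
        return tag, data[1], 2
    if ltype == 1:
        return tag, int.from_bytes(data[1:3], "big"), 3
    raise ValueError("unsupported old-format length")


def parse_skesk(data: bytes) -> Skesk:
    tag, length, hlen = parse_packet_header(data)
    if tag != 3:
        raise ValueError(f"expected tag 3 (SKESK), got {tag}")
    body = data[hlen:hlen + length]
    version, sym_alg, s2k_type, hash_alg = body[0], body[1], body[2], body[3]
    if version != 4:
        raise ValueError(f"unsupported SKESK version {version}")
    pos, salt, count = 4, None, None
    if s2k_type in (1, 3):
        salt, pos = body[pos:pos + 8], pos + 8
    if s2k_type == 3:
        count, pos = decode_s2k_count(body[pos]), pos + 1
    elif s2k_type not in (0, 1):
        raise ValueError(f"unknown S2K specifier {s2k_type}")
    # The detection the RFC describes: anything after the S2K specifier is the
    # encrypted session key; a body that ends exactly there means it is absent.
    encrypted_key = body[pos:] if len(body) > pos else None
    return Skesk(version, sym_alg, s2k_type, hash_alg, salt, count, encrypted_key)


def s2k_iterated_salted(passphrase: bytes, salt: bytes, count: int,
                        key_len: int, hash_name: str = "sha256") -> bytes:
    block = salt + passphrase
    total = max(count, len(block))  # the full salt+passphrase is hashed at least once
    out, ctx = b"", 0
    while len(out) < key_len:
        h = hashlib.new(hash_name)
        h.update(b"\x00" * ctx)  # extra contexts are preloaded with zero octets (not counted)
        remaining = total
        while remaining > 0:
            chunk = block[:remaining]
            h.update(chunk)
            remaining -= len(chunk)
        out, ctx = out + h.digest(), ctx + 1
    return out[:key_len]


def derive_key(pkt: Skesk, passphrase: bytes) -> tuple:
    """Return (role, key): the S2K output is the session key itself when the
    encrypted-key field is absent, otherwise it is the KEK that unwraps that field."""
    key = s2k_iterated_salted(passphrase, pkt.salt, pkt.count,
                              SYM_KEY_SIZES[pkt.sym_alg], HASH_NAMES[pkt.hash_alg])
    return ("session-key" if pkt.encrypted_key is None else "kek"), key


if __name__ == "__main__":
    for raw in (SKESK_NO_KEY, SKESK_WITH_KEY):
        pkt = parse_skesk(raw)
        role, key = derive_key(pkt, b"constructed passphrase")
        print(f"count={pkt.count} encrypted_key={pkt.encrypted_key!r} -> S2K output is the {role}")
```

For the reporter's packet the S2K output is the session key itself, which is why the listing shows `encrypted key: 0x (0 bytes)` without anything being wrong; the per-message salt is what makes that key differ between runs. Unwrapping the encrypted-key field in the second case (AES-CFB with the KEK) is outside this example.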

jpo234 commented 4 years ago

Sorry for the inconvenience. When using two different keys, rnp correctly uses and encrypts a session key.