From 0a4d9fc20ea76fba74936e923ead7321345f8a83 Mon Sep 17 00:00:00 2001 From: Jens Reinemann Date: Mon, 18 May 2026 16:23:12 +0200 Subject: [PATCH] fix(server): use CleartextKeysetHandle for admin E2EE encryption --- .../de/bollwerk/server/service/AdminMessageService.kt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/server/src/main/kotlin/de/bollwerk/server/service/AdminMessageService.kt b/server/src/main/kotlin/de/bollwerk/server/service/AdminMessageService.kt index f2dbad5..926da59 100644 --- a/server/src/main/kotlin/de/bollwerk/server/service/AdminMessageService.kt +++ b/server/src/main/kotlin/de/bollwerk/server/service/AdminMessageService.kt @@ -1,8 +1,10 @@ package de.bollwerk.server.service +import com.google.crypto.tink.CleartextKeysetHandle import com.google.crypto.tink.HybridEncrypt import com.google.crypto.tink.JsonKeysetReader import com.google.crypto.tink.hybrid.HybridConfig +import com.google.crypto.tink.hybrid.HybridEncryptFactory import de.bollwerk.server.repository.UserRepository import java.util.Base64 @@ -26,8 +28,8 @@ internal class AdminMessageService( Base64.getDecoder().decode(publicKeyBase64), Charsets.UTF_8 ) - val publicHandle = JsonKeysetReader.withString(publicKeysetJson).read() - val hybridEncrypt = publicHandle.getPrimitive(HybridEncrypt::class.java) + val publicHandle = CleartextKeysetHandle.read(JsonKeysetReader.withString(publicKeysetJson)) + val hybridEncrypt: HybridEncrypt = HybridEncryptFactory.getPrimitive(publicHandle) val ciphertext = hybridEncrypt.encrypt(plaintext.toByteArray(Charsets.UTF_8), null) return Base64.getEncoder().encodeToString(ciphertext)