bollwerkadmin/bollwerk
1
0
Fork 0
Code Issues 9 Pull requests Projects Releases Packages Wiki Activity Actions

fix(server): use CleartextKeysetHandle for admin E2EE encryption

Browse source
This commit is contained in:
Jens Reinemann 2026-05-18 16:23:12 +02:00
parent e0026b6eff
commit 0a4d9fc20e
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
server/src/main/kotlin/de/bollwerk/server/service/AdminMessageService.kt
View file

@ -1,8 +1,10 @@
package de.bollwerk.server.service package de.bollwerk.server.service
import com.google.crypto.tink.CleartextKeysetHandle
import com.google.crypto.tink.HybridEncrypt import com.google.crypto.tink.HybridEncrypt
import com.google.crypto.tink.JsonKeysetReader import com.google.crypto.tink.JsonKeysetReader
import com.google.crypto.tink.hybrid.HybridConfig import com.google.crypto.tink.hybrid.HybridConfig
import com.google.crypto.tink.hybrid.HybridEncryptFactory
import de.bollwerk.server.repository.UserRepository import de.bollwerk.server.repository.UserRepository
import java.util.Base64 import java.util.Base64
@ -26,8 +28,8 @@ internal class AdminMessageService(
Base64.getDecoder().decode(publicKeyBase64), Base64.getDecoder().decode(publicKeyBase64),
Charsets.UTF_8 Charsets.UTF_8
) )
val publicHandle = JsonKeysetReader.withString(publicKeysetJson).read() val publicHandle = CleartextKeysetHandle.read(JsonKeysetReader.withString(publicKeysetJson))
val hybridEncrypt = publicHandle.getPrimitive(HybridEncrypt::class.java) val hybridEncrypt: HybridEncrypt = HybridEncryptFactory.getPrimitive(publicHandle)
val ciphertext = hybridEncrypt.encrypt(plaintext.toByteArray(Charsets.UTF_8), null) val ciphertext = hybridEncrypt.encrypt(plaintext.toByteArray(Charsets.UTF_8), null)
return Base64.getEncoder().encodeToString(ciphertext) return Base64.getEncoder().encodeToString(ciphertext)