Prevent ClassCastException for v3 OpenPGP keys with non-RSA public keys

vanitasvitae · vanitasvitae · commit 0237f7571b56 · 2025-08-25T22:26:05.000+02:00
v3 and earlier OpenPGP keys can only use RSA as key algorithm.
This commit changes the behavior of BC to throw a PGPException instead of a ClassCastException when
encountering a malformed key.
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcKeyFingerprintCalculator.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcKeyFingerprintCalculator.java
@@ -25,6 +25,10 @@ public byte[] calculateFingerprint(PublicKeyPacket publicPk)
 
         if (publicPk.getVersion() <= PublicKeyPacket.VERSION_3)
         {
+            if (!(key instanceof RSAPublicBCPGKey))
+            {
+                throw new PGPException("Version 3 OpenPGP keys can only use RSA. Found " + key.getClass().getName());
+            }
             RSAPublicBCPGKey rK = (RSAPublicBCPGKey)key;
 
             try
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JcaKeyFingerprintCalculator.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JcaKeyFingerprintCalculator.java
@@ -66,6 +66,10 @@ public byte[] calculateFingerprint(PublicKeyPacket publicPk)
 
         if (publicPk.getVersion() <= PublicKeyPacket.VERSION_3)
         {
+            if (!(key instanceof RSAPublicBCPGKey))
+            {
+                throw new PGPException("Version 3 OpenPGP keys can only use RSA. Found " + key.getClass().getName());
+            }
             RSAPublicBCPGKey rK = (RSAPublicBCPGKey)key;
 
             try

Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,10 @@ public byte[] calculateFingerprint(PublicKeyPacket publicPk)`
`25`	`25`
`26`	`26`	`if (publicPk.getVersion() <= PublicKeyPacket.VERSION_3)`
`27`	`27`	`{`
	`28`	`+ if (!(key instanceof RSAPublicBCPGKey))`
	`29`	`+ {`
	`30`	`+ throw new PGPException("Version 3 OpenPGP keys can only use RSA. Found " + key.getClass().getName());`
	`31`	`+ }`
`28`	`32`	`RSAPublicBCPGKey rK = (RSAPublicBCPGKey)key;`
`29`	`33`
`30`	`34`	`try`
Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,10 @@ public byte[] calculateFingerprint(PublicKeyPacket publicPk)`
`66`	`66`
`67`	`67`	`if (publicPk.getVersion() <= PublicKeyPacket.VERSION_3)`
`68`	`68`	`{`
	`69`	`+ if (!(key instanceof RSAPublicBCPGKey))`
	`70`	`+ {`
	`71`	`+ throw new PGPException("Version 3 OpenPGP keys can only use RSA. Found " + key.getClass().getName());`
	`72`	`+ }`
`69`	`73`	`RSAPublicBCPGKey rK = (RSAPublicBCPGKey)key;`
`70`	`74`
`71`	`75`	`try`