From 0a1de8deeaa543f3a0658c3927fd632d115e34fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Thu, 14 Aug 2014 15:42:02 +0200
Subject: [PATCH] Do not import v3 keys, they are insecure!

---
 .../keychain/pgp/UncachedKeyRing.java                  |  4 ++++
 .../keychain/provider/ProviderHelper.java              | 10 ++++++++++
 .../keychain/service/OperationResultParcel.java        |  1 +
 OpenKeychain/src/main/res/values/strings.xml           |  3 ++-
 4 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
index 73a51942d..18f27cbff 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@@ -118,6 +118,10 @@ public class UncachedKeyRing {
         return mRing.getPublicKey().getFingerprint();
     }
 
+    public int getVersion() {
+        return mRing.getPublicKey().getVersion();
+    }
+
     public static UncachedKeyRing decodeFromData(byte[] data)
             throws PgpGeneralException, IOException {
 
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
index a13bb9c98..f8b2e549f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -642,6 +642,11 @@ public class ProviderHelper {
             log(LogLevel.START, LogType.MSG_IP, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
             mIndent += 1;
 
+            if (publicRing.getVersion() <= 3) {
+                log(LogLevel.ERROR, LogType.MSG_IP_V3_KEY);
+                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
+            }
+
             if (publicRing.isSecret()) {
                 log(LogLevel.ERROR, LogType.MSG_IP_BAD_TYPE_SECRET);
                 return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
@@ -734,6 +739,11 @@ public class ProviderHelper {
             log(LogLevel.START, LogType.MSG_IS, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
             mIndent += 1;
 
+            if (secretRing.getVersion() <= 3) {
+                log(LogLevel.ERROR, LogType.MSG_IP_V3_KEY);
+                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
+            }
+
             if ( ! secretRing.isSecret()) {
                 log(LogLevel.ERROR, LogType.MSG_IS_BAD_TYPE_PUBLIC);
                 return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
index d7d98fd68..93c3fc42b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
@@ -231,6 +231,7 @@ public class OperationResultParcel implements Parcelable {
         MSG_IP(R.string.msg_ip),
         MSG_IP_APPLY_BATCH (R.string.msg_ip_apply_batch),
         MSG_IP_BAD_TYPE_SECRET (R.string.msg_ip_bad_type_secret),
+        MSG_IP_V3_KEY (R.string.msg_ip_v3_key),
         MSG_IP_DELETE_OLD_FAIL (R.string.msg_ip_delete_old_fail),
         MSG_IP_DELETE_OLD_OK (R.string.msg_ip_delete_old_ok),
         MSG_IP_ENCODE_FAIL (R.string.msg_ip_encode_fail),
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 09a434d5d..75175212c 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -433,7 +433,7 @@
     <string name="user_id_info_verified_title">Verified</string>
     <string name="user_id_info_verified_text">This identity has been verified.</string>
     <string name="user_id_info_not_verified_title">Not verified</string>
-    <string name="user_id_info_not_verified_text">This identity has not been verified yet. You can not be sure if the identity really corresponds to a specific person.</string>
+    <string name="user_id_info_not_verified_text">This identity has not been verified yet. You cannot be sure if the identity really corresponds to a specific person.</string>
     <string name="user_id_info_invalid_title">Invalid</string>
     <string name="user_id_info_invalid_text">Something is wrong with this identity!</string>
 
@@ -497,6 +497,7 @@
     <!-- Import Public log entries -->
     <string name="msg_ip_apply_batch">Applying insert batch operation.</string>
     <string name="msg_ip_bad_type_secret">Tried to import secret keyring as public. This is a bug, please file a report!</string>
+    <string name="msg_ip_v3_key">This key is an OpenPGP version 3 key and thus insecure. It has not been imported.</string>
     <string name="msg_ip_delete_old_fail">No old key deleted (creating a new one?)</string>
     <string name="msg_ip_delete_old_ok">Deleted old key from database</string>
     <string name="msg_ip_encode_fail">Operation failed due to encoding error</string>