Do not import v3 keys, they are insecure!

2024-11-24 01:32:16 -05:00 · 2014-08-14 15:42:02 +02:00 · 2014-08-14 15:42:02 +02:00 · 0a1de8deea
commit 0a1de8deea
parent 225e248293
4 changed files with 17 additions and 1 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
@ -118,6 +118,10 @@ public class UncachedKeyRing {
        return mRing.getPublicKey().getFingerprint();
    }

+    public int getVersion() {
+        return mRing.getPublicKey().getVersion();
+    }
+
    public static UncachedKeyRing decodeFromData(byte[] data)
            throws PgpGeneralException, IOException {

--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@ -642,6 +642,11 @@ public class ProviderHelper {
            log(LogLevel.START, LogType.MSG_IP, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
            mIndent += 1;

+            if (publicRing.getVersion() <= 3) {
+                log(LogLevel.ERROR, LogType.MSG_IP_V3_KEY);
+                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
+            }
+
            if (publicRing.isSecret()) {
                log(LogLevel.ERROR, LogType.MSG_IP_BAD_TYPE_SECRET);
                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
@ -734,6 +739,11 @@ public class ProviderHelper {
            log(LogLevel.START, LogType.MSG_IS, PgpKeyHelper.convertKeyIdToHex(masterKeyId));
            mIndent += 1;

+            if (secretRing.getVersion() <= 3) {
+                log(LogLevel.ERROR, LogType.MSG_IP_V3_KEY);
+                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
+            }
+
            if ( ! secretRing.isSecret()) {
                log(LogLevel.ERROR, LogType.MSG_IS_BAD_TYPE_PUBLIC);
                return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/OperationResultParcel.java
@ -231,6 +231,7 @@ public class OperationResultParcel implements Parcelable {
        MSG_IP(R.string.msg_ip),
        MSG_IP_APPLY_BATCH (R.string.msg_ip_apply_batch),
        MSG_IP_BAD_TYPE_SECRET (R.string.msg_ip_bad_type_secret),
+        MSG_IP_V3_KEY (R.string.msg_ip_v3_key),
        MSG_IP_DELETE_OLD_FAIL (R.string.msg_ip_delete_old_fail),
        MSG_IP_DELETE_OLD_OK (R.string.msg_ip_delete_old_ok),
        MSG_IP_ENCODE_FAIL (R.string.msg_ip_encode_fail),
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@ -497,6 +497,7 @@
    <!-- Import Public log entries -->
    <string name="msg_ip_apply_batch">Applying insert batch operation.</string>
    <string name="msg_ip_bad_type_secret">Tried to import secret keyring as public. This is a bug, please file a report!</string>
+    <string name="msg_ip_v3_key">This key is an OpenPGP version 3 key and thus insecure. It has not been imported.</string>
    <string name="msg_ip_delete_old_fail">No old key deleted (creating a new one?)</string>
    <string name="msg_ip_delete_old_ok">Deleted old key from database</string>
    <string name="msg_ip_encode_fail">Operation failed due to encoding error</string>