mirror of
https://github.com/moparisthebest/open-keychain
synced 2025-01-11 13:38:06 -05:00
always check binding when verifying
This commit is contained in:
parent
c95a52c070
commit
0bca0a4b08
@ -764,11 +764,11 @@ public class PgpOperation {
|
|||||||
|
|
||||||
PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject();
|
PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject();
|
||||||
PGPSignature messageSignature = signatureList.get(signatureIndex);
|
PGPSignature messageSignature = signatureList.get(signatureIndex);
|
||||||
if (signature.verify(messageSignature)) {
|
|
||||||
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, true);
|
//Now check binding signatures
|
||||||
} else {
|
boolean keyBinding_isok = verifyKeyBinding(mContext, messageSignature, signatureKey);
|
||||||
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, false);
|
boolean sig_isok = signature.verify(messageSignature);
|
||||||
}
|
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, keyBinding_isok & sig_isok);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -897,9 +897,18 @@ public class PgpOperation {
|
|||||||
boolean sig_isok = signature.verify();
|
boolean sig_isok = signature.verify();
|
||||||
|
|
||||||
//Now check binding signatures
|
//Now check binding signatures
|
||||||
boolean keyBinding_isok = false;
|
boolean keyBinding_isok = verifyKeyBinding(mContext, signature, signatureKey);
|
||||||
|
|
||||||
signatureKeyId = signature.getKeyID();
|
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & keyBinding_isok);
|
||||||
|
|
||||||
|
updateProgress(R.string.progress_done, 100, 100);
|
||||||
|
return returnData;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean verifyKeyBinding(Context mContext, PGPSignature signature, PGPPublicKey signatureKey)
|
||||||
|
{
|
||||||
|
long signatureKeyId = signature.getKeyID();
|
||||||
|
boolean keyBinding_isok = false;
|
||||||
String userId = null;
|
String userId = null;
|
||||||
PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext,
|
PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext,
|
||||||
signatureKeyId);
|
signatureKeyId);
|
||||||
@ -912,13 +921,10 @@ public class PgpOperation {
|
|||||||
} else { //if the key used to make the signature was the master key, no need to check binding sigs
|
} else { //if the key used to make the signature was the master key, no need to check binding sigs
|
||||||
keyBinding_isok = true;
|
keyBinding_isok = true;
|
||||||
}
|
}
|
||||||
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & keyBinding_isok);
|
return keyBinding_isok;
|
||||||
|
|
||||||
updateProgress(R.string.progress_done, 100, 100);
|
|
||||||
return returnData;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private boolean verifyKeyBinding(PGPPublicKey masterPublicKey, PGPPublicKey signingPublicKey)
|
public boolean verifyKeyBinding(PGPPublicKey masterPublicKey, PGPPublicKey signingPublicKey)
|
||||||
{
|
{
|
||||||
boolean subkeyBinding_isok = false;
|
boolean subkeyBinding_isok = false;
|
||||||
boolean tmp_subkeyBinding_isok = false;
|
boolean tmp_subkeyBinding_isok = false;
|
||||||
|
Loading…
Reference in New Issue
Block a user