diff options
author | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-04-15 23:54:05 +0200 |
---|---|---|
committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-04-15 23:54:05 +0200 |
commit | 08399dec4bbd63e6377b2bd876fbc07c235c65cb (patch) | |
tree | 2e85d39fb5fad2c91bc84bcd4dcd81f89a6fd9c6 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java | |
parent | 9df498b7144dcb77cbdcef70a4f609c01e7d3bbc (diff) | |
download | open-keychain-08399dec4bbd63e6377b2bd876fbc07c235c65cb.tar.gz open-keychain-08399dec4bbd63e6377b2bd876fbc07c235c65cb.tar.bz2 open-keychain-08399dec4bbd63e6377b2bd876fbc07c235c65cb.zip |
Fix PgpDecryptVerify signature verification: search for right signature subkey instead of using first subkey for verification
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java index 40d487a48..b3572d4a2 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java @@ -276,6 +276,7 @@ public class PgpDecryptVerify { // continue with the next packet in the while loop continue; } + // get subkey which has been used for this encryption packet secretEncryptionKey = secretKeyRing.getSecretKey(encData.getKeyID()); if (secretEncryptionKey == null) { // continue with the next packet in the while loop @@ -390,7 +391,6 @@ public class PgpDecryptVerify { OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder(); PGPPublicKey signatureKey = null; int signatureIndex = -1; - boolean isSignatureKeyCertified = false; if (dataChunk instanceof PGPCompressedData) { updateProgress(R.string.progress_decompressing_data, currentProgress, 100); @@ -426,18 +426,23 @@ public class PgpDecryptVerify { if (masterKeyId != null) { // key found in our database! + signature = sigList.get(signatureIndex); + + PGPPublicKeyRing publicKeyRing = null; try { - signatureKey = mProviderHelper - .getPGPPublicKeyRing(masterKeyId).getPublicKey(); + publicKeyRing = mProviderHelper + .getPGPPublicKeyRing(masterKeyId); } catch (ProviderHelper.NotFoundException e) { // can't happen } - signature = sigList.get(signatureIndex); + // get the subkey which has been used to generate this signature + signatureKey = publicKeyRing.getPublicKey(signature.getKeyID()); signatureResultBuilder.knownKey(true); - signatureResultBuilder.userId(PgpKeyHelper.getMainUserId(signatureKey)); - signatureResultBuilder.keyId(signature.getKeyID()); + // TODO: uses the first pubkey for information + signatureResultBuilder.userId(PgpKeyHelper.getMainUserId(publicKeyRing.getPublicKey())); + signatureResultBuilder.keyId(publicKeyRing.getPublicKey().getKeyID()); JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider = new JcaPGPContentVerifierBuilderProvider() @@ -449,8 +454,8 @@ public class PgpDecryptVerify { KeychainContract.KeyRings.buildUnifiedKeyRingUri(Long.toString(masterKeyId)), KeyRings.VERIFIED, ProviderHelper.FIELD_TYPE_INTEGER); - - isSignatureKeyCertified = ((Long) data > 0); + boolean isSignatureKeyCertified = ((Long) data > 0); + signatureResultBuilder.signatureKeyCertified(isSignatureKeyCertified); } else { // no key in our database -> return "unknown pub key" status including the first key id signatureResultBuilder.knownKey(false); @@ -529,7 +534,6 @@ public class PgpDecryptVerify { signatureResultBuilder.validSignature(validSignature); signatureResultBuilder.validKeyBinding(validKeyBinding); - signatureResultBuilder.signatureKeyCertified(isSignatureKeyCertified); } } @@ -622,22 +626,25 @@ public class PgpDecryptVerify { PGPSignature signature = null; PGPPublicKey signatureKey = null; - boolean isSignatureKeyCertified = false; if (masterKeyId != null) { // key found in our database! + signature = sigList.get(signatureIndex); + PGPPublicKeyRing publicKeyRing = null; try { - signatureKey = mProviderHelper - .getPGPPublicKeyRing(masterKeyId).getPublicKey(); + publicKeyRing = mProviderHelper + .getPGPPublicKeyRing(masterKeyId); } catch (ProviderHelper.NotFoundException e) { // can't happen } - signature = sigList.get(signatureIndex); + // get the subkey which has been used to generate this signature + signatureKey = publicKeyRing.getPublicKey(signature.getKeyID()); signatureResultBuilder.knownKey(true); - signatureResultBuilder.userId(PgpKeyHelper.getMainUserId(signatureKey)); - signatureResultBuilder.keyId(signature.getKeyID()); + // TODO: uses the first pubkey for information + signatureResultBuilder.userId(PgpKeyHelper.getMainUserId(publicKeyRing.getPublicKey())); + signatureResultBuilder.keyId(publicKeyRing.getPublicKey().getKeyID()); JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider = new JcaPGPContentVerifierBuilderProvider() @@ -649,8 +656,8 @@ public class PgpDecryptVerify { KeychainContract.KeyRings.buildUnifiedKeyRingUri(Long.toString(masterKeyId)), KeyRings.VERIFIED, ProviderHelper.FIELD_TYPE_INTEGER); - - isSignatureKeyCertified = ((Long) data > 0); + boolean isSignatureKeyCertified = ((Long) data > 0); + signatureResultBuilder.signatureKeyCertified(isSignatureKeyCertified); } else { // no key in our database -> return "unknown pub key" status including the first key id signatureResultBuilder.knownKey(false); @@ -692,7 +699,6 @@ public class PgpDecryptVerify { signatureResultBuilder.validSignature(validSignature); signatureResultBuilder.validKeyBinding(validKeyBinding); - signatureResultBuilder.signatureKeyCertified(isSignatureKeyCertified); } result.setSignatureResult(signatureResultBuilder.build()); |