authorDominik Schürmann <dominik@dominikschuermann.de>2015-08-10 13:54:25 +0200
committerDominik Schürmann <dominik@dominikschuermann.de>2015-08-10 13:54:25 +0200
commit74c80d4a9d1cc6218c8fd0bfbe1243d30808f842 (patch)
tree0abdcb98e30348433a77bee7ca2fe0a68b886217 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
parent87199383061208b30a312e12aca2b9b4efc7ec33 (diff)
Dont allow RSA_SIGN, RSA_ENCRYPT, deprecated in RFC
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java13
1 files changed, 3 insertions, 10 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
index 755899297..94fb2d877 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
@@ -101,9 +101,6 @@ public class PgpSecurityConstants {
* all other algorithms are rejected with OpenPgpSignatureResult.RESULT_INSECURE or
* OpenPgpDecryptionResult.RESULT_INSECURE
*
- * REASON:
- * Don't allow ELGAMAL_GENERAL (20), reason in RFC
- *
* coorus:
* Implementations MUST NOT accept, or treat any signature as valid, by an RSA key with
* bitlength less than 1023 bits.
@@ -118,25 +115,21 @@ public class PgpSecurityConstants {
public static boolean isSecureKey(CanonicalizedPublicKey key) {
switch (key.getAlgorithm()) {
- case PublicKeyAlgorithmTags.RSA_GENERAL:
- case PublicKeyAlgorithmTags.RSA_ENCRYPT:
- case PublicKeyAlgorithmTags.RSA_SIGN: {
+ case PublicKeyAlgorithmTags.RSA_GENERAL: {
return (key.getBitStrength() >= 2048);
}
-
+ // RSA_ENCRYPT, RSA_SIGN: deprecated in RFC 4880, use RSA_GENERAL with key flags
case PublicKeyAlgorithmTags.ELGAMAL_ENCRYPT: {
return (key.getBitStrength() >= 2048);
}
-
case PublicKeyAlgorithmTags.DSA: {
return (key.getBitStrength() >= 2048);
}
-
case PublicKeyAlgorithmTags.ECDH:
case PublicKeyAlgorithmTags.ECDSA: {
return PgpSecurityConstants.sCurveWhitelist.contains(key.getCurveOid());
}
- // ELGAMAL_GENERAL: Must not be used, use ELGAMAL_ENCRYPT
+ // ELGAMAL_GENERAL: deprecated in RFC 4880, use ELGAMAL_ENCRYPT
// DIFFIE_HELLMAN: unsure
default:
return false;
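Review bot: Dropping `RSA_ENCRYPT` and `RSA_SIGN` from the first case of `isSecureKey` sends every key carrying those tags to `default: return false`, so a legacy key of 2048 bits or more is now reported as insecure on verification and decryption, not merely discouraged at generation. As I read RFC 4880 section 13.5, the deprecation says such keys should not be created but may still be interpreted, so this is a stricter local policy and the comment should say so, e.g. `// RSA_ENCRYPT, RSA_SIGN: deprecated in RFC 4880; rejected here regardless of bit strength`. That comment would also sit better beside the `ELGAMAL_GENERAL` and `DIFFIE_HELLMAN` notes above `default:`, because in its current position it reads like a label for the `ELGAMAL_ENCRYPT` case. The Javadoc that precedes the method starts outside this hunk and the switch closes after it; it presumably lists the accepted algorithms, so check that it no longer names the two tags.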