diff options
author | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-08-10 20:59:13 +0200 |
---|---|---|
committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-08-10 20:59:13 +0200 |
commit | c981902abab0a95067937384a89efcea6ca35f14 (patch) | |
tree | 1b479d1afecf96c6a026e77ddde755633bcda10c /OpenKeychain/src/main/java/org/sufficientlysecure | |
parent | b0821a3ddd56ebcd16b5e1b0de098cb90cab4c79 (diff) | |
download | open-keychain-c981902abab0a95067937384a89efcea6ca35f14.tar.gz open-keychain-c981902abab0a95067937384a89efcea6ca35f14.tar.bz2 open-keychain-c981902abab0a95067937384a89efcea6ca35f14.zip |
Handle missing integrity protection MDC packet as if integrity check would have failed.
An attacker could strip the MDC on its way to the receiver...
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java index 6f34816f1..46e69afc4 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java @@ -399,8 +399,7 @@ public class PgpDecryptVerify { signingKey = signingRing.getPublicKey(sigKeyId); signatureIndex = i; } catch (ProviderHelper.NotFoundException e) { - Log.d(Constants.TAG, "key not found!"); - // try next one... + Log.d(Constants.TAG, "key not found, trying next signature…"); } } @@ -537,8 +536,10 @@ public class PgpDecryptVerify { } } else { // no integrity check - Log.e(Constants.TAG, "Encrypted data was not integrity protected!"); - // TODO: inform user? + Log.d(Constants.TAG, "Encrypted data was not integrity protected! MDC packet is missing!"); + // Handle missing integrity protection like failed integrity protection! + // The MDC packet can be stripped by an attacker! + throw new IntegrityCheckFailedException(); } updateProgress(R.string.progress_done, 100, 100); |