Add check that proof & database fingerprints are the same

2 files changed, 8 insertions, 4 deletions

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index ea9e165ba..5a8bfda29 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -336,7 +336,8 @@ public class PgpDecryptVerify extends BaseOperation {
         OpenPgpSignatureResult signatureResult = signatureResultBuilder.build();
 
         if (signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED
-                || signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED) {
+                && signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED) {
+            Log.d(Constants.TAG, "STATUS IS " + signatureResult.getStatus());
             log.add(LogType.MSG_VL_ERROR_INTEGRITY_CHECK, indent);
             return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
         }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
index a4a3a801a..dc9592710 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
@@ -30,7 +30,6 @@ import com.textuality.keybase.lib.Proof;
 import com.textuality.keybase.lib.prover.Prover;
 
 import org.json.JSONObject;
-import org.openintents.openpgp.OpenPgpSignatureResult;
 import org.spongycastle.openpgp.PGPUtil;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
@@ -324,6 +323,11 @@ public class KeychainIntentService extends IntentService implements Progressable
                     sendProofError(prover.getLog(), getString(R.string.keybase_problem_fetching_evidence));
                     return;
                 }
+                String requiredFingerprint = data.getString(KEYBASE_REQUIRED_FINGERPRINT);
+                if (!prover.checkFingerprint(requiredFingerprint)) {
+                    sendProofError(getString(R.string.keybase_key_mismatch));
+                    return;
+                }
 
                 String domain = prover.dnsTxtCheckRequired();
                 if (domain != null) {
@@ -361,13 +365,12 @@ public class KeychainIntentService extends IntentService implements Progressable
 
                 InputData inputData = createDecryptInputData(data);
                 OutputStream outStream = createCryptOutputStream(data);
-                String fingerprint = data.getString(KEYBASE_REQUIRED_FINGERPRINT);
 
                 PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder(
                         this, new ProviderHelper(this), this,
                         inputData, outStream
                 );
-                builder.setSignedLiteralData(true).setRequiredSignerFingerprint(fingerprint);
+                builder.setSignedLiteralData(true).setRequiredSignerFingerprint(requiredFingerprint);
 
                 DecryptVerifyResult decryptVerifyResult = builder.build().execute();
                 outStream.close();