aboutsummaryrefslogtreecommitdiffstats
path: root/OpenKeychain
diff options
context:
space:
mode:
authorVincent Breitmoser <valodim@mugenguild.com>2015-10-08 20:01:04 +0200
committerVincent Breitmoser <valodim@mugenguild.com>2015-10-08 20:01:04 +0200
commitba9b8f3a6009ca60abffccc3e3fbd160e0fa420c (patch)
tree809830edb97e0089715717f3607968d5970459b2 /OpenKeychain
parent084d6f1d3d8e4fc54bbd5a77a9e22af76f28a673 (diff)
downloadopen-keychain-ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c.tar.gz
open-keychain-ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c.tar.bz2
open-keychain-ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c.zip
pgpdecryptverify: only use keys for verification which are allowed to sign (OKC-01-013)
Diffstat (limited to 'OpenKeychain')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java12
1 files changed, 10 insertions, 2 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java
index a892a8a0d..4067372a1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignatureChecker.java
@@ -132,8 +132,12 @@ class PgpSignatureChecker {
CanonicalizedPublicKeyRing signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
);
+ CanonicalizedPublicKey keyCandidate = signingRing.getPublicKey(sigKeyId);
+ if ( ! signingKey.canSign()) {
+ continue;
+ }
signatureIndex = i;
- signingKey = signingRing.getPublicKey(sigKeyId);
+ signingKey = keyCandidate;
onePassSignature = sigList.get(i);
return;
} catch (ProviderHelper.NotFoundException e) {
@@ -151,8 +155,12 @@ class PgpSignatureChecker {
CanonicalizedPublicKeyRing signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
);
+ CanonicalizedPublicKey keyCandidate = signingRing.getPublicKey(sigKeyId);
+ if ( ! signingKey.canSign()) {
+ continue;
+ }
signatureIndex = i;
- signingKey = signingRing.getPublicKey(sigKeyId);
+ signingKey = keyCandidate;
signature = sigList.get(i);
return;
} catch (ProviderHelper.NotFoundException e) {