aboutsummaryrefslogtreecommitdiffstats
path: root/OpenKeychain
diff options
context:
space:
mode:
authorDominik Schürmann <dominik@dominikschuermann.de>2014-04-13 18:55:18 +0200
committerDominik Schürmann <dominik@dominikschuermann.de>2014-04-13 18:55:18 +0200
commite10b24e2ea9591af4abe5f00817b23c940baeca8 (patch)
tree02c5fbe0b0d648a0c9218f065db351e6e887f880 /OpenKeychain
parent9b1a4a456a35fc78ee0562c861967406cb5c6050 (diff)
downloadopen-keychain-e10b24e2ea9591af4abe5f00817b23c940baeca8.tar.gz
open-keychain-e10b24e2ea9591af4abe5f00817b23c940baeca8.tar.bz2
open-keychain-e10b24e2ea9591af4abe5f00817b23c940baeca8.zip
Implement SIGNATURE_SUCCESS_CERTIFIED in PgpDecryptVerify (not tested)
Diffstat (limited to 'OpenKeychain')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java43
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/KeyListFragment.java1
2 files changed, 31 insertions, 13 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index c89b335bb..be917dc30 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -53,6 +53,7 @@ import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.spongycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.util.InputData;
@@ -248,11 +249,11 @@ public class PgpDecryptVerify {
PGPPublicKeyEncryptedData encryptedDataAsymmetric = null;
PGPPBEEncryptedData encryptedDataSymmetric = null;
- PGPSecretKey secretKey = null;
+ PGPSecretKey secretEncryptionKey = null;
Iterator<?> it = enc.getEncryptedDataObjects();
boolean asymmetricPacketFound = false;
boolean symmetricPacketFound = false;
- // find secret key
+ // go through all objects and find one we can decrypt
while (it.hasNext()) {
Object obj = it.next();
if (obj instanceof PGPPublicKeyEncryptedData) {
@@ -260,8 +261,8 @@ public class PgpDecryptVerify {
PGPPublicKeyEncryptedData encData = (PGPPublicKeyEncryptedData) obj;
- long masterKeyId = 0;
- PGPSecretKeyRing secretKeyRing = null;
+ long masterKeyId;
+ PGPSecretKeyRing secretKeyRing;
try {
// get master key id for this encryption key id
masterKeyId = mProviderHelper.getMasterKeyId(
@@ -277,15 +278,15 @@ public class PgpDecryptVerify {
// continue with the next packet in the while loop
continue;
}
- secretKey = secretKeyRing.getSecretKey(encData.getKeyID());
- if (secretKey == null) {
+ secretEncryptionKey = secretKeyRing.getSecretKey(encData.getKeyID());
+ if (secretEncryptionKey == null) {
// continue with the next packet in the while loop
continue;
}
/* secret key exists in database! */
- // allow only a specific key for decryption?
+ // allow only specific keys for decryption?
if (mAllowedKeyIds != null) {
Log.d(Constants.TAG, "encData.getKeyID():" + encData.getKeyID());
Log.d(Constants.TAG, "allowedKeyIds: " + mAllowedKeyIds);
@@ -363,7 +364,7 @@ public class PgpDecryptVerify {
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
mPassphrase.toCharArray());
- privateKey = secretKey.extractPrivateKey(keyDecryptor);
+ privateKey = secretEncryptionKey.extractPrivateKey(keyDecryptor);
} catch (PGPException e) {
throw new WrongPassphraseException();
}
@@ -391,6 +392,7 @@ public class PgpDecryptVerify {
OpenPgpSignatureResult signatureResult = null;
PGPPublicKey signatureKey = null;
int signatureIndex = -1;
+ boolean isSignatureKeyCertified = false;
if (dataChunk instanceof PGPCompressedData) {
updateProgress(R.string.progress_decompressing_data, currentProgress, 100);
@@ -407,6 +409,9 @@ public class PgpDecryptVerify {
signatureResult = new OpenPgpSignatureResult();
PGPOnePassSignatureList sigList = (PGPOnePassSignatureList) dataChunk;
+
+ // go through all signatures
+ // and find out for which signature we have a key in our database
Long masterKeyId = null;
for (int i = 0; i < sigList.size(); ++i) {
try {
@@ -416,10 +421,12 @@ public class PgpDecryptVerify {
signatureIndex = i;
} catch (ProviderHelper.NotFoundException e) {
Log.d(Constants.TAG, "key not found!");
+ // try next one...
}
}
- if (masterKeyId == null) {
+ if (masterKeyId != null) {
+ // key found in our database!
try {
signatureKey = mProviderHelper
.getPGPPublicKeyRing(masterKeyId).getPublicKey();
@@ -435,7 +442,15 @@ public class PgpDecryptVerify {
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
signature.init(contentVerifierBuilderProvider, signatureKey);
+ // get certification status of this key
+ Object data = mProviderHelper.getGenericData(
+ KeychainContract.UserIds.buildUserIdsUri(Long.toString(masterKeyId)),
+ KeyRings.VERIFIED,
+ ProviderHelper.FIELD_TYPE_INTEGER);
+
+ isSignatureKeyCertified = (Long) data > 0;
} else {
+ // no key in our database -> return "unknwon pub key" status including the first key id
if (!sigList.isEmpty()) {
signatureResult.setKeyId(sigList.get(0).getKeyID());
}
@@ -511,10 +526,14 @@ public class PgpDecryptVerify {
boolean validKeyBinding = verifyKeyBinding(messageSignature, signatureKey);
boolean validSignature = signature.verify(messageSignature);
- // TODO: implement CERTIFIED!
if (validKeyBinding && validSignature) {
- Log.d(Constants.TAG, "SIGNATURE_SUCCESS_UNCERTIFIED");
- signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED);
+ if (isSignatureKeyCertified) {
+ Log.d(Constants.TAG, "SIGNATURE_SUCCESS_CERTIFIED");
+ signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED);
+ } else {
+ Log.d(Constants.TAG, "SIGNATURE_SUCCESS_UNCERTIFIED");
+ signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED);
+ }
} else {
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_ERROR);
Log.e(Constants.TAG, "Error!\nvalidKeyBinding: " + validKeyBinding
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/KeyListFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/KeyListFragment.java
index c59284010..7ddbab624 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/KeyListFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/KeyListFragment.java
@@ -104,7 +104,6 @@ public class KeyListFragment extends Fragment
mStickyList = (StickyListHeadersListView) root.findViewById(R.id.key_list_list);
mStickyList.setOnItemClickListener(this);
-
// empty view
mButtonEmptyCreate = (BootstrapButton) root.findViewById(R.id.key_list_empty_button_create);
mButtonEmptyCreate.setOnClickListener(new OnClickListener() {