From 438405d3d2b12e6254ea166cd402ae6ed3a4209c Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Tue, 30 Dec 2014 12:34:24 +0100 Subject: add PIN as a SecretKeyType --- .../keychain/pgp/CanonicalizedSecretKey.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java index f9fa41528..5c99a9854 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java @@ -49,6 +49,7 @@ import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.SignatureException; import java.util.Date; +import java.util.HashMap; import java.util.LinkedList; import java.util.List; @@ -83,7 +84,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey { } public enum SecretKeyType { - UNAVAILABLE(0), GNU_DUMMY(1), PASSPHRASE(2), PASSPHRASE_EMPTY(3), DIVERT_TO_CARD(4); + UNAVAILABLE(0), GNU_DUMMY(1), PASSPHRASE(2), PASSPHRASE_EMPTY(3), DIVERT_TO_CARD(4), PIN(5); final int mNum; @@ -101,6 +102,8 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey { return PASSPHRASE_EMPTY; case 4: return DIVERT_TO_CARD; + case 5: + return PIN; // if this case happens, it's probably a check from a database value default: return UNAVAILABLE; @@ -135,6 +138,11 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey { // It means the passphrase is empty return SecretKeyType.PASSPHRASE_EMPTY; } catch (PGPException e) { + HashMap notation = getRing().getLocalNotationData(); + if (notation.containsKey("unlock.pin@sufficientlysecure.org") + && "1".equals(notation.get("unlock.pin@sufficientlysecure.org"))) { + return SecretKeyType.PIN; + } // Otherwise, it's just a regular ol' passphrase return SecretKeyType.PASSPHRASE; } -- cgit v1.2.3 From 47ace7cea31ee794ed88bdf4163dd38fc33e8fc5 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sat, 3 Jan 2015 22:14:12 +0100 Subject: make certify routines more robust (#1016) --- .../org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java index 42e59b3bc..6965ca7cb 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java @@ -300,6 +300,12 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey { if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) { throw new PrivateKeyNotUnlockedException(); } + if (!isMasterKey()) { + throw new AssertionError("tried to certify with non-master key, this is a programming error!"); + } + if (publicKeyRing.getMasterKeyId() == getKeyId()) { + throw new AssertionError("key tried to self-certify, this is a programming error!"); + } // create a signatureGenerator from the supplied masterKeyId and passphrase PGPSignatureGenerator signatureGenerator; -- cgit v1.2.3