From 74c80d4a9d1cc6218c8fd0bfbe1243d30808f842 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?=
Date: Mon, 10 Aug 2015 13:54:25 +0200
Subject: Dont allow RSA_SIGN, RSA_ENCRYPT, deprecated in RFC
---
 .../keychain/pgp/PgpSecurityConstants.java | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
(limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java')
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
index 755899297..94fb2d877 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
@@ -101,9 +101,6 @@ public class PgpSecurityConstants {
 * all other algorithms are rejected with OpenPgpSignatureResult.RESULT_INSECURE or
 * OpenPgpDecryptionResult.RESULT_INSECURE
 *
- * REASON:
- * Don't allow ELGAMAL_GENERAL (20), reason in RFC
- *
 * coorus:
 * Implementations MUST NOT accept, or treat any signature as valid, by an RSA key with
 * bitlength less than 1023 bits.
@@ -118,25 +115,21 @@ public class PgpSecurityConstants {
 public static boolean isSecureKey(CanonicalizedPublicKey key) {
 switch (key.getAlgorithm()) {
- case PublicKeyAlgorithmTags.RSA_GENERAL:
- case PublicKeyAlgorithmTags.RSA_ENCRYPT:
- case PublicKeyAlgorithmTags.RSA_SIGN: {
+ case PublicKeyAlgorithmTags.RSA_GENERAL: {
 return (key.getBitStrength() >= 2048);
 }
-
+ // RSA_ENCRYPT, RSA_SIGN: deprecated in RFC 4880, use RSA_GENERAL with key flags
 case PublicKeyAlgorithmTags.ELGAMAL_ENCRYPT: {
 return (key.getBitStrength() >= 2048);
 }
-
 case PublicKeyAlgorithmTags.DSA: {
 return (key.getBitStrength() >= 2048);
 }
-
 case PublicKeyAlgorithmTags.ECDH:
 case PublicKeyAlgorithmTags.ECDSA: {
 return PgpSecurityConstants.sCurveWhitelist.contains(key.getCurveOid());
 }
- // ELGAMAL_GENERAL: Must not be used, use ELGAMAL_ENCRYPT
+ // ELGAMAL_GENERAL: deprecated in RFC 4880, use ELGAMAL_ENCRYPT
 // DIFFIE_HELLMAN: unsure
 default:
 return false;
--
cgit v1.2.3
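Review bot: The two replacement comments in this switch both say "deprecated in RFC 4880", but as far as I recall the RFC gives the two cases different status, and that difference is exactly what a later maintainer needs to see here. For RSA_ENCRYPT and RSA_SIGN the RFC (section 13.5, to be confirmed) says such keys should not be created but may be interpreted, so letting them fall through to `default: return false;` is a local policy stricter than the RFC; for ELGAMAL_GENERAL it forbids generating the keys and Elgamal signatures outright, which the old "Must not be used" wording conveyed better. I would write `// RSA_ENCRYPT, RSA_SIGN: RFC 4880 allows reading but not creating these; rejected here by policy, use RSA_GENERAL with key flags` and `// ELGAMAL_GENERAL: RFC 4880 MUST NOT generate (Elgamal signatures no longer permitted), use ELGAMAL_ENCRYPT`. Since a key of 2048 bits or more carrying either RSA tag now presumably receives the same RESULT_INSECURE as a short key, a test pinning that outcome would keep the stricter policy from being undone by accident. The switch and isSecureKey close outside the hunk.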