From 57378be1c07893e2231e485d6289d53d522aa7d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sat, 25 Jul 2015 14:32:47 +0200
Subject: Introduce constants in OpenPgpSignature and DecryptionResult for
 unsigned/unencrypted content, update API, introduce simple checks for
 insecure symmetric algos

---
 OpenKeychain/src/main/res/values/strings.xml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'OpenKeychain/src/main/res/values')

diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index ddf10c988..144617cd2 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -343,6 +343,7 @@
     <!-- results shown after decryption/verification -->
     <string name="decrypt_result_no_signature">"Not Signed"</string>
     <string name="decrypt_result_invalid_signature">"Invalid signature!"</string>
+    <string name="decrypt_result_insecure_cryptography">"Invalid signature (Insecure Cryptography)!"</string>
     <string name="decrypt_result_signature_uncertified">"Signed by <b>unconfirmed</b> key"</string>
     <string name="decrypt_result_signature_secret">"Signed by your key"</string>
     <string name="decrypt_result_signature_certified">"Signed by confirmed key"</string>
@@ -351,6 +352,7 @@
     <string name="decrypt_result_signature_missing_key">"Signed by <b>unknown public key</b>"</string>
     <string name="decrypt_result_encrypted">"Encrypted"</string>
     <string name="decrypt_result_not_encrypted">"Not Encrypted"</string>
+    <string name="decrypt_result_insecure">"Insecure Encryption"</string>
     <string name="decrypt_result_action_show">"Show"</string>
     <string name="decrypt_result_action_Lookup">"Lookup"</string>
     <string name="decrypt_invalid_text">"Either the signature is invalid or the key has been revoked. You cannot be sure who wrote the text. Do you still want to display it?"</string>
@@ -1163,7 +1165,7 @@
     <string name="msg_dc_trail_sym">"Encountered trailing, symmetrically encrypted data"</string>
     <string name="msg_dc_trail_unknown">"Encountered trailing data of unknown type"</string>
     <string name="msg_dc_unlocking">"Unlocking secret key"</string>
-    <string name="msg_dc_old_symmetric_encryption_algo">"Potentially insecure encryption algorithm has been used!"</string>
+    <string name="msg_dc_old_symmetric_encryption_algo">"Insecure encryption algorithm has been used!"</string>
 
     <!-- Messages for VerifySignedLiteralData operation -->
     <string name="msg_vl">"Starting signature check"</string>
-- 
cgit v1.2.3


From dba145f5dfb7f7a43be41b3d01eeb68c4253ae7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Thu, 30 Jul 2015 22:46:36 +0200
Subject: Follow some of coorus recommendations: better selection of algo
 whitelist, ignore recipients preferred algos

---
 OpenKeychain/src/main/res/values/strings.xml | 1 -
 1 file changed, 1 deletion(-)

(limited to 'OpenKeychain/src/main/res/values')

diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 144617cd2..071e085f3 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1196,7 +1196,6 @@
     <string name="msg_pse_compressing">"Preparing compression"</string>
     <string name="msg_pse_encrypting">"Encrypting data"</string>
     <string name="msg_pse_error_bad_passphrase">"Bad password!"</string>
-    <string name="msg_pse_error_hash_algo">"Requested hashing algorithm is not supported by this key!"</string>
     <string name="msg_pse_error_io">"Encountered IO Exception during operation!"</string>
     <string name="msg_pse_error_key_sign">"Selected signing key cannot sign data!"</string>
     <string name="msg_pse_error_sign_key">"Error fetching signing key!"</string>
-- 
cgit v1.2.3


From 3d8eda6e3e3748e32e4c47a405cd8c6962e28a96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= <dominik@dominikschuermann.de>
Date: Sun, 2 Aug 2015 23:34:00 +0200
Subject: Improve comments and reasons in PgpConstants, simple checks for
 insecure asymmetric keys

---
 OpenKeychain/src/main/res/values/strings.xml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'OpenKeychain/src/main/res/values')

diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 071e085f3..72406aaab 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1134,7 +1134,6 @@
     <string name="msg_dc_clear_meta_size_unknown">"File size is unknown"</string>
     <string name="msg_dc_clear_meta_time">"Modification time: %s"</string>
     <string name="msg_dc_clear_signature_bad">"Signature check NOT OK!"</string>
-    <string name="msg_dc_error_unsupported_hash_algo">"Unsupported and potentially insecure hash algorithm!"</string>
     <string name="msg_dc_clear_signature_check">"Verifying signature data"</string>
     <string name="msg_dc_clear_signature_ok">"Signature check OK"</string>
     <string name="msg_dc_clear_signature">"Saving signature data for later"</string>
@@ -1144,7 +1143,6 @@
     <string name="msg_dc_error_corrupt_data">"Data is corrupt!"</string>
     <string name="msg_dc_error_extract_key">"Unknown error unlocking key!"</string>
     <string name="msg_dc_error_integrity_check">"Integrity check error!"</string>
-    <string name="msg_dc_error_integrity_missing">"Missing integrity check! This can happen because the encrypting application is out of date, or from a downgrade attack."</string>
     <string name="msg_dc_error_invalid_data">"No valid OpenPGP encrypted or signed data found!"</string>
     <string name="msg_dc_error_io">"Encountered an error reading input data!"</string>
     <string name="msg_dc_error_input">"Error opening input data stream!"</string>
@@ -1165,7 +1163,10 @@
     <string name="msg_dc_trail_sym">"Encountered trailing, symmetrically encrypted data"</string>
     <string name="msg_dc_trail_unknown">"Encountered trailing data of unknown type"</string>
     <string name="msg_dc_unlocking">"Unlocking secret key"</string>
-    <string name="msg_dc_old_symmetric_encryption_algo">"Insecure encryption algorithm has been used!"</string>
+    <string name="msg_dc_insecure_symmetric_encryption_algo">"Insecure encryption algorithm has been used! This can happen because the application is out of date, or from an attack."</string>
+    <string name="msg_dc_insecure_hash_algo">"Insecure hash algorithm has been used! This can happen because the application is out of date, or from an attack."</string>
+    <string name="msg_dc_insecure_mdc_missing">"Missing the Modification Detection Code (MDC) packet! This can happen because the encrypting application is out of date, or from a downgrade attack."</string>
+    <string name="msg_dc_insecure_key">"Insecure key: Either the bit length of RSA/DSA/ElGamal is too short or the ECC curve/algorithm is considered insecure! This can happen because the application is out of date, or from an attack."</string>
 
     <!-- Messages for VerifySignedLiteralData operation -->
     <string name="msg_vl">"Starting signature check"</string>
-- 
cgit v1.2.3