From b76aa7fe11f953d10688fbc01daa65676448c78a Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser <valodim@mugenguild.com>
Date: Fri, 11 Sep 2015 02:05:17 +0200
Subject: never import secret keys from keyserver (OKC-01-001)

---
 .../keychain/operations/ImportOperation.java                  | 11 +++++++++--
 .../keychain/operations/results/OperationResult.java          |  5 +++--
 OpenKeychain/src/main/res/values-de/strings.xml               |  2 +-
 OpenKeychain/src/main/res/values-es/strings.xml               |  2 +-
 OpenKeychain/src/main/res/values-eu/strings.xml               |  2 +-
 OpenKeychain/src/main/res/values-fr/strings.xml               |  2 +-
 OpenKeychain/src/main/res/values-ja/strings.xml               |  2 +-
 OpenKeychain/src/main/res/values-nl/strings.xml               |  2 +-
 OpenKeychain/src/main/res/values-sr/strings.xml               |  2 +-
 OpenKeychain/src/main/res/values/strings.xml                  |  3 ++-
 10 files changed, 21 insertions(+), 12 deletions(-)

(limited to 'OpenKeychain')

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java
index 29264b5a2..89575338f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/ImportOperation.java
@@ -211,7 +211,7 @@ public class ImportOperation extends BaseOperation<ImportKeyringParcel> {
                             }
                         } catch (Keyserver.QueryFailedException e) {
                             Log.d(Constants.TAG, "query failed", e);
-                            log.add(LogType.MSG_IMPORT_FETCH_KEYSERVER_ERROR, 3, e.getMessage());
+                            log.add(LogType.MSG_IMPORT_FETCH_ERROR_KEYSERVER, 3, e.getMessage());
                         }
                     }
 
@@ -243,7 +243,7 @@ public class ImportOperation extends BaseOperation<ImportKeyringParcel> {
                         } catch (Keyserver.QueryFailedException e) {
                             // download failed, too bad. just proceed
                             Log.e(Constants.TAG, "query failed", e);
-                            log.add(LogType.MSG_IMPORT_FETCH_KEYSERVER_ERROR, 3, e.getMessage());
+                            log.add(LogType.MSG_IMPORT_FETCH_ERROR_KEYSERVER, 3, e.getMessage());
                         }
                     }
                 }
@@ -254,6 +254,13 @@ public class ImportOperation extends BaseOperation<ImportKeyringParcel> {
                     continue;
                 }
 
+                // never import secret keys from keyserver!
+                if (entry.mBytes == null && key.isSecret()) {
+                    log.add(LogType.MSG_IMPORT_FETCH_ERROR_KEYSERVER_SECRET, 2);
+                    badKeys += 1;
+                    continue;
+                }
+
                 // Another check if we have been cancelled
                 if (checkCancelled()) {
                     cancelled = true;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index 4e528f73e..6e9aca30d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -707,10 +707,11 @@ public abstract class OperationResult implements Parcelable {
 
         MSG_IMPORT_FETCH_ERROR (LogLevel.ERROR, R.string.msg_import_fetch_error),
         MSG_IMPORT_FETCH_ERROR_DECODE (LogLevel.ERROR, R.string.msg_import_fetch_error_decode),
+        MSG_IMPORT_FETCH_ERROR_KEYSERVER(LogLevel.ERROR, R.string.msg_import_fetch_error_keyserver),
+        MSG_IMPORT_FETCH_ERROR_KEYSERVER_SECRET (LogLevel.ERROR, R.string.msg_import_fetch_error_keyserver_secret),
+        MSG_IMPORT_FETCH_KEYBASE (LogLevel.INFO, R.string.msg_import_fetch_keybase),
         MSG_IMPORT_FETCH_KEYSERVER (LogLevel.INFO, R.string.msg_import_fetch_keyserver),
         MSG_IMPORT_FETCH_KEYSERVER_OK (LogLevel.DEBUG, R.string.msg_import_fetch_keyserver_ok),
-        MSG_IMPORT_FETCH_KEYSERVER_ERROR (LogLevel.ERROR, R.string.msg_import_fetch_keyserver_error),
-        MSG_IMPORT_FETCH_KEYBASE (LogLevel.INFO, R.string.msg_import_fetch_keybase),
         MSG_IMPORT_KEYSERVER (LogLevel.DEBUG, R.string.msg_import_keyserver),
         MSG_IMPORT_MERGE (LogLevel.DEBUG, R.string.msg_import_merge),
         MSG_IMPORT_MERGE_ERROR (LogLevel.ERROR, R.string.msg_import_merge_error),
diff --git a/OpenKeychain/src/main/res/values-de/strings.xml b/OpenKeychain/src/main/res/values-de/strings.xml
index 51ec2e1ee..291ebf238 100644
--- a/OpenKeychain/src/main/res/values-de/strings.xml
+++ b/OpenKeychain/src/main/res/values-de/strings.xml
@@ -1163,7 +1163,7 @@
   <string name="msg_import_fetch_error_decode">Fehler beim Dekodieren des abgerufenen Schlüsselbundes!</string>
   <string name="msg_import_fetch_error">Schlüssel konnte nicht abgerufen werden! (Netzwerkprobleme?)</string>
   <string name="msg_import_fetch_keybase">Empfange von keybase.io: %s</string>
-  <string name="msg_import_fetch_keyserver_error">Konnte Schlüssel nicht vom Schlüsselserver abrufen: %s</string>
+  <string name="msg_import_fetch_error_keyserver">Konnte Schlüssel nicht vom Schlüsselserver abrufen: %s</string>
   <string name="msg_import_fetch_keyserver">Empfange von Schlüsselserver: %s</string>
   <string name="msg_import_fetch_keyserver_ok">Schlüssel erfolgreich heruntergeladen</string>
   <string name="msg_import_keyserver">Verwende Schlüsselserver %s</string>
diff --git a/OpenKeychain/src/main/res/values-es/strings.xml b/OpenKeychain/src/main/res/values-es/strings.xml
index 7ace8f3dd..043918c64 100644
--- a/OpenKeychain/src/main/res/values-es/strings.xml
+++ b/OpenKeychain/src/main/res/values-es/strings.xml
@@ -1162,7 +1162,7 @@
   <string name="msg_import_fetch_error_decode">¡Error al descifrar juego de claves descargado!</string>
   <string name="msg_import_fetch_error">¡La clave no se pudo descargar! (¿problemas con la red?)</string>
   <string name="msg_import_fetch_keybase">Descargando desde keybase.io: %s</string>
-  <string name="msg_import_fetch_keyserver_error">No se pudo obtener clave de los servidores de claves: %s</string>
+  <string name="msg_import_fetch_error_keyserver">No se pudo obtener clave de los servidores de claves: %s</string>
   <string name="msg_import_fetch_keyserver">Descargando desde el servidor de claves: %s</string>
   <string name="msg_import_fetch_keyserver_ok">La clave se descargó con éxito</string>
   <string name="msg_import_keyserver">Usando el servidor de claves %s</string>
diff --git a/OpenKeychain/src/main/res/values-eu/strings.xml b/OpenKeychain/src/main/res/values-eu/strings.xml
index 22b77242e..de4fb68d6 100644
--- a/OpenKeychain/src/main/res/values-eu/strings.xml
+++ b/OpenKeychain/src/main/res/values-eu/strings.xml
@@ -1060,7 +1060,7 @@
   <string name="msg_import_fetch_error_decode">Akatsa berreskuratutako giltza-uztai dekodeatzerakoan!</string>
   <string name="msg_import_fetch_error">Giltza ezin da berreskuratu! (Sare arazoak?)</string>
   <string name="msg_import_fetch_keybase">keybase.io-tik berreskuratzen: %s</string>
-  <string name="msg_import_fetch_keyserver_error">Ezin da giltza giltza-zerbitzarietatik berreskuratu: %s</string>
+  <string name="msg_import_fetch_error_keyserver">Ezin da giltza giltza-zerbitzarietatik berreskuratu: %s</string>
   <string name="msg_import_fetch_keyserver">Giltza-zerbitzaritik berreskuratzen: %s</string>
   <string name="msg_import_fetch_keyserver_ok">Giltza ongi berreskuratu da</string>
   <string name="msg_import_keyserver">%s giltza-zerbitzaria erabiltzen</string>
diff --git a/OpenKeychain/src/main/res/values-fr/strings.xml b/OpenKeychain/src/main/res/values-fr/strings.xml
index ff50c15ce..4a6c2bbfe 100644
--- a/OpenKeychain/src/main/res/values-fr/strings.xml
+++ b/OpenKeychain/src/main/res/values-fr/strings.xml
@@ -1162,7 +1162,7 @@
   <string name="msg_import_fetch_error_decode">Erreur de décodage du trousseau récupéré !</string>
   <string name="msg_import_fetch_error">La clef n\'a pas pu être récupérée ! (problèmes réseau ?)</string>
   <string name="msg_import_fetch_keybase">Récupération en provenance du keybase.io : %s</string>
-  <string name="msg_import_fetch_keyserver_error">Impossible de récupérer la clef sur les serveurs de clefs : %s</string>
+  <string name="msg_import_fetch_error_keyserver">Impossible de récupérer la clef sur les serveurs de clefs : %s</string>
   <string name="msg_import_fetch_keyserver">Récupération en provenance du serveur de clefs : %s</string>
   <string name="msg_import_fetch_keyserver_ok">Récupération de la clef est réussie !</string>
   <string name="msg_import_keyserver">Utilisation du serveur de clefs %s</string>
diff --git a/OpenKeychain/src/main/res/values-ja/strings.xml b/OpenKeychain/src/main/res/values-ja/strings.xml
index 02892dfb2..6f735b35b 100644
--- a/OpenKeychain/src/main/res/values-ja/strings.xml
+++ b/OpenKeychain/src/main/res/values-ja/strings.xml
@@ -1126,7 +1126,7 @@
   <string name="msg_import_fetch_error_decode">鍵輪のデコードエラー</string>
   <string name="msg_import_fetch_error">鍵の展開ができません! (ネットワークの問題?)</string>
   <string name="msg_import_fetch_keybase">keybase.ioから回収: %s</string>
-  <string name="msg_import_fetch_keyserver_error">鍵サーバからの展開: %s</string>
+  <string name="msg_import_fetch_error_keyserver">鍵サーバからの展開: %s</string>
   <string name="msg_import_fetch_keyserver">鍵サーバからの回収: %s</string>
   <string name="msg_import_fetch_keyserver_ok">鍵の展開に成功</string>
   <string name="msg_import_keyserver">鍵サーバ %s を使う</string>
diff --git a/OpenKeychain/src/main/res/values-nl/strings.xml b/OpenKeychain/src/main/res/values-nl/strings.xml
index f12896b14..1a02fdc07 100644
--- a/OpenKeychain/src/main/res/values-nl/strings.xml
+++ b/OpenKeychain/src/main/res/values-nl/strings.xml
@@ -1112,7 +1112,7 @@
   <string name="msg_import_fetch_error_decode">Fout bij decoderen van opgehaalde sleutelbos!</string>
   <string name="msg_import_fetch_error">Sleutel kon niet opgehaald worden! (Netwerkproblemen?)</string>
   <string name="msg_import_fetch_keybase">Bezig met ophalen van keybase.io: %s</string>
-  <string name="msg_import_fetch_keyserver_error">Kon sleutel niet ophalen van sleutelservers: %s</string>
+  <string name="msg_import_fetch_error_keyserver">Kon sleutel niet ophalen van sleutelservers: %s</string>
   <string name="msg_import_fetch_keyserver">Bezig met ophalen van sleutelserver: %s</string>
   <string name="msg_import_fetch_keyserver_ok">Ophalen van sleutel geslaagd!</string>
   <string name="msg_import_keyserver">Sleutelserver %s wordt gebruikt</string>
diff --git a/OpenKeychain/src/main/res/values-sr/strings.xml b/OpenKeychain/src/main/res/values-sr/strings.xml
index 8d4134e40..5c6d03950 100644
--- a/OpenKeychain/src/main/res/values-sr/strings.xml
+++ b/OpenKeychain/src/main/res/values-sr/strings.xml
@@ -1190,7 +1190,7 @@
   <string name="msg_import_fetch_error_decode">Грешка декодирања добављеног привеска!</string>
   <string name="msg_import_fetch_error">Не могу да добавим кључ! (Проблеми са мрежом?)</string>
   <string name="msg_import_fetch_keybase">Добављам са keybase.io: %s</string>
-  <string name="msg_import_fetch_keyserver_error">Не могу да добавим кључ са сервера кључева: %s</string>
+  <string name="msg_import_fetch_error_keyserver">Не могу да добавим кључ са сервера кључева: %s</string>
   <string name="msg_import_fetch_keyserver">Добављам са сервера кључева: %s</string>
   <string name="msg_import_fetch_keyserver_ok">Добављање кључева је успело</string>
   <string name="msg_import_keyserver">Користим сервер кључева %s</string>
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index f11114830..d55d128d3 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1278,8 +1278,9 @@
     </plurals>
     <string name="msg_import_fetch_error_decode">"Error decoding retrieved keyring!"</string>
     <string name="msg_import_fetch_error">"Key could not be retrieved! (Network problems?)"</string>
+    <string name="msg_import_fetch_error_keyserver">"Could not retrieve key from keyservers: %s"</string>
+    <string name="msg_import_fetch_error_keyserver_secret">"Cannot import secret key from keyserver!"</string>
     <string name="msg_import_fetch_keybase">"Retrieving from keybase.io: %s"</string>
-    <string name="msg_import_fetch_keyserver_error">"Could not retrieve key from keyservers: %s"</string>
     <string name="msg_import_fetch_keyserver">"Retrieving from keyserver: %s"</string>
     <string name="msg_import_fetch_keyserver_ok">"Key retrieval successful"</string>
     <string name="msg_import_keyserver">"Using keyserver %s"</string>
-- 
cgit v1.2.3