diff options
author | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-10-04 22:46:21 +0200 |
---|---|---|
committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2015-10-04 22:46:21 +0200 |
commit | dfce5449c2e8029039533c26ba15e5ac468eb8e2 (patch) | |
tree | c1afa4636495df5a9e35d3ea46aabec47b56382f /OpenKeychain/src/main/java/org/sufficientlysecure/keychain | |
parent | eff59b46452e4f9b577ea8bc755cc96c3d76a760 (diff) | |
download | open-keychain-dfce5449c2e8029039533c26ba15e5ac468eb8e2.tar.gz open-keychain-dfce5449c2e8029039533c26ba15e5ac468eb8e2.tar.bz2 open-keychain-dfce5449c2e8029039533c26ba15e5ac468eb8e2.zip |
Raise min asymmetric key length for all ciphers to 2048 bit
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain')
3 files changed, 26 insertions, 18 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java index 65816e5f2..00c88089a 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java @@ -514,7 +514,7 @@ public abstract class OperationResult implements Parcelable { MSG_CR_ERROR_NO_USER_ID (LogLevel.ERROR, R.string.msg_cr_error_no_user_id), MSG_CR_ERROR_NO_CERTIFY (LogLevel.ERROR, R.string.msg_cr_error_no_certify), MSG_CR_ERROR_NULL_EXPIRY(LogLevel.ERROR, R.string.msg_cr_error_null_expiry), - MSG_CR_ERROR_KEYSIZE_512 (LogLevel.ERROR, R.string.msg_cr_error_keysize_512), + MSG_CR_ERROR_KEYSIZE_2048(LogLevel.ERROR, R.string.msg_cr_error_keysize_2048), MSG_CR_ERROR_NO_KEYSIZE (LogLevel.ERROR, R.string.msg_cr_error_no_keysize), MSG_CR_ERROR_NO_CURVE (LogLevel.ERROR, R.string.msg_cr_error_no_curve), MSG_CR_ERROR_UNKNOWN_ALGO (LogLevel.ERROR, R.string.msg_cr_error_unknown_algo), diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index 6f156c201..59b840054 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java @@ -171,8 +171,8 @@ public class PgpKeyOperation { log.add(LogType.MSG_CR_ERROR_NO_KEYSIZE, indent); return null; } - if (add.mKeySize < 512) { - log.add(LogType.MSG_CR_ERROR_KEYSIZE_512, indent); + if (add.mKeySize < 2048) { + log.add(LogType.MSG_CR_ERROR_KEYSIZE_2048, indent); return null; } } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddSubkeyDialogFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddSubkeyDialogFragment.java index b51d081e1..cd5281c7c 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddSubkeyDialogFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddSubkeyDialogFragment.java @@ -348,30 +348,30 @@ public class AddSubkeyDialogFragment extends DialogFragment { /** * <h3>RSA</h3> - * <p>for RSA algorithm, key length must be greater than 1024 (according to - * <a href="https://github.com/open-keychain/open-keychain/issues/102">#102</a>). Possibility to generate keys bigger + * <p>for RSA algorithm, key length must be greater than 2048. Possibility to generate keys bigger * than 8192 bits is currently disabled, because it's almost impossible to generate them on a mobile device (check * <a href="http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml">RSA key length plot</a> and * <a href="http://www.keylength.com/">Cryptographic Key Length Recommendation</a>). Also, key length must be a * multiplicity of 8.</p> * <h3>ElGamal</h3> - * <p>For ElGamal algorithm, supported key lengths are 1536, 2048, 3072, 4096 or 8192 bits.</p> + * <p>For ElGamal algorithm, supported key lengths are 2048, 3072, 4096 or 8192 bits.</p> * <h3>DSA</h3> - * <p>For DSA algorithm key length must be between 512 and 1024. Also, it must me dividable by 64.</p> + * <p>For DSA algorithm key length must be between 2048 and 3072. Also, it must me dividable by 64.</p> * * @return correct key length, according to SpongyCastle specification. Returns <code>-1</code>, if key length is * inappropriate. */ private int getProperKeyLength(Algorithm algorithm, int currentKeyLength) { - final int[] elGamalSupportedLengths = {1536, 2048, 3072, 4096, 8192}; + final int[] elGamalSupportedLengths = {2048, 3072, 4096, 8192}; int properKeyLength = -1; switch (algorithm) { - case RSA: - if (currentKeyLength > 1024 && currentKeyLength <= 16384) { + case RSA: { + if (currentKeyLength >= 2048 && currentKeyLength <= 16384) { properKeyLength = currentKeyLength + ((8 - (currentKeyLength % 8)) % 8); } break; - case ELGAMAL: + } + case ELGAMAL: { int[] elGammalKeyDiff = new int[elGamalSupportedLengths.length]; for (int i = 0; i < elGamalSupportedLengths.length; i++) { elGammalKeyDiff[i] = Math.abs(elGamalSupportedLengths[i] - currentKeyLength); @@ -386,11 +386,14 @@ public class AddSubkeyDialogFragment extends DialogFragment { } properKeyLength = elGamalSupportedLengths[minimalIndex]; break; - case DSA: - if (currentKeyLength >= 512 && currentKeyLength <= 1024) { + } + case DSA: { + // Bouncy Castle supports 4096 maximum + if (currentKeyLength >= 2048 && currentKeyLength <= 4096) { properKeyLength = currentKeyLength + ((64 - (currentKeyLength % 64)) % 64); } break; + } } return properKeyLength; } @@ -424,7 +427,7 @@ public class AddSubkeyDialogFragment extends DialogFragment { final ArrayAdapter<CharSequence> keySizeAdapter = (ArrayAdapter<CharSequence>) mKeySizeSpinner.getAdapter(); keySizeAdapter.clear(); switch (algorithm) { - case RSA: + case RSA: { replaceArrayAdapterContent(keySizeAdapter, R.array.rsa_key_size_spinner_values); mKeySizeSpinner.setSelection(1); mKeySizeRow.setVisibility(View.VISIBLE); @@ -450,7 +453,8 @@ public class AddSubkeyDialogFragment extends DialogFragment { } mFlagAuthenticate.setChecked(false); break; - case ELGAMAL: + } + case ELGAMAL: { replaceArrayAdapterContent(keySizeAdapter, R.array.elgamal_key_size_spinner_values); mKeySizeSpinner.setSelection(3); mKeySizeRow.setVisibility(View.VISIBLE); @@ -466,7 +470,8 @@ public class AddSubkeyDialogFragment extends DialogFragment { mFlagAuthenticate.setChecked(false); mFlagAuthenticate.setEnabled(false); break; - case DSA: + } + case DSA: { replaceArrayAdapterContent(keySizeAdapter, R.array.dsa_key_size_spinner_values); mKeySizeSpinner.setSelection(2); mKeySizeRow.setVisibility(View.VISIBLE); @@ -482,7 +487,8 @@ public class AddSubkeyDialogFragment extends DialogFragment { mFlagAuthenticate.setChecked(false); mFlagAuthenticate.setEnabled(false); break; - case ECDSA: + } + case ECDSA: { mKeySizeRow.setVisibility(View.GONE); mCurveRow.setVisibility(View.VISIBLE); mCustomKeyInfoTextView.setText(""); @@ -496,7 +502,8 @@ public class AddSubkeyDialogFragment extends DialogFragment { mFlagAuthenticate.setEnabled(true); mFlagAuthenticate.setChecked(false); break; - case ECDH: + } + case ECDH: { mKeySizeRow.setVisibility(View.GONE); mCurveRow.setVisibility(View.VISIBLE); mCustomKeyInfoTextView.setText(""); @@ -510,6 +517,7 @@ public class AddSubkeyDialogFragment extends DialogFragment { mFlagAuthenticate.setChecked(false); mFlagAuthenticate.setEnabled(false); break; + } } keySizeAdapter.notifyDataSetChanged(); |