pgpdecryptverify: only use keys for verification which are allowed to sign (OKC-01-013)

Vincent Breitmoser
2015-10-08 20:01:04 +02:00
parent 084d6f1d3d
commit ba9b8f3a60


@@ -132,8 +132,12 @@ class PgpSignatureChecker {
CanonicalizedPublicKeyRing signingRing = mProviderHelper.getCanonicalizedPublicKeyRing( CanonicalizedPublicKeyRing signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId) KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
); );
CanonicalizedPublicKey keyCandidate = signingRing.getPublicKey(sigKeyId);
if ( ! signingKey.canSign()) {
continue;
}
signatureIndex = i; signatureIndex = i;
signingKey = signingRing.getPublicKey(sigKeyId); signingKey = keyCandidate;
onePassSignature = sigList.get(i); onePassSignature = sigList.get(i);
return; return;
} catch (ProviderHelper.NotFoundException e) { } catch (ProviderHelper.NotFoundException e) {
@@ -151,8 +155,12 @@ class PgpSignatureChecker {
CanonicalizedPublicKeyRing signingRing = mProviderHelper.getCanonicalizedPublicKeyRing( CanonicalizedPublicKeyRing signingRing = mProviderHelper.getCanonicalizedPublicKeyRing(
KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId) KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(sigKeyId)
); );
CanonicalizedPublicKey keyCandidate = signingRing.getPublicKey(sigKeyId);
if ( ! signingKey.canSign()) {
continue;
}
signatureIndex = i; signatureIndex = i;
signingKey = signingRing.getPublicKey(sigKeyId); signingKey = keyCandidate;
signature = sigList.get(i); signature = sigList.get(i);
return; return;
} catch (ProviderHelper.NotFoundException e) { } catch (ProviderHelper.NotFoundException e) {
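Review bot: The added guard `if ( ! signingKey.canSign())` tests the `signingKey` field rather than the `keyCandidate` fetched on the line above it, in both the one-pass-signature hunk and the regular-signature hunk. Within these loops `signingKey` is only assigned immediately before `return`, so at the guard it appears to be either still unset (a null dereference) or left over from earlier state. Either way the candidate key's signing capability is never inspected, and the restriction named in the commit title is not enforced. The condition should read `if ( ! keyCandidate.canSign()) {` in both places. The enclosing methods and loops begin and end outside the hunks, so the initial value of `signingKey` should be confirmed against the full file, and a regression test that verifies a signature made by a subkey without the signing flag would pin the intended behaviour.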