diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteSecurityProblemDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteSecurityProblemDialogActivity.java
index 313657287..254597b5c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteSecurityProblemDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/RemoteSecurityProblemDialogActivity.java
@@ -39,7 +39,6 @@ import android.widget.Button;
 import android.widget.ImageView;
 import android.widget.LinearLayout;
 import android.widget.TextView;
-import android.widget.ViewAnimator;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.remote.ui.SecurityProblemPresenter.RemoteSecurityProblemView;
@@ -156,8 +155,10 @@ public class RemoteSecurityProblemDialogActivity extends FragmentActivity {
 final LinearLayout insecureWarningLayout = (LinearLayout) view.findViewById(R.id.insecure_warning_layout);
 final ImageView iconClientApp = (ImageView) view.findViewById(R.id.icon_client_app);
 final TextView explanationText = (TextView) insecureWarningLayout.findViewById(R.id.dialog_insecure_text);
- final TextView recommendText = (TextView) insecureWarningLayout.findViewById(R.id.dialog_insecure_recommend_text);
- final TextView overrideText = (TextView) insecureWarningLayout.findViewById(R.id.dialog_insecure_override_text);
+ final TextView recommendText =
+ (TextView) insecureWarningLayout.findViewById(R.id.dialog_insecure_recommend_text);
+ final TextView overrideText =
+ (TextView) insecureWarningLayout.findViewById(R.id.dialog_insecure_override_text);
 final ToolableViewAnimator secondaryLayoutAnimator = (ToolableViewAnimator) insecureWarningLayout.findViewById(R.id.dialog_insecure_secondary_layout);
 final ToolableViewAnimator buttonBarAnimator =
@@ -200,13 +201,6 @@ public class RemoteSecurityProblemDialogActivity extends FragmentActivity {
 }
 */
- private void showGeneric(@StringRes int explanationStringRes) {
- explanationText.setText(explanationStringRes);
- secondaryLayoutAnimator.setDisplayedChild(SECONDARY_CHILD_NONE, layoutInitialized);
- buttonBarAnimator.setDisplayedChild(BUTTON_BAR_REGULAR, layoutInitialized);
- layoutInitialized = true;
- }
-
 private void showGeneric(String explanationString) {
 explanationText.setText(explanationString);
 secondaryLayoutAnimator.setDisplayedChild(SECONDARY_CHILD_NONE, layoutInitialized);
@@ -239,12 +233,14 @@ public class RemoteSecurityProblemDialogActivity extends FragmentActivity {
 @Override
 public void showLayoutInsecureSymmetric(int symmetricAlgorithm) {
- showGeneric(R.string.insecure_symmetric_algo);
+ showGeneric(getString(R.string.insecure_symmetric_algo,
+ KeyFormattingUtils.getSymmetricCipherName(symmetricAlgorithm)));
 }
 @Override
 public void showLayoutInsecureHashAlgorithm(int hashAlgorithm) {
- showGeneric(R.string.insecure_hash_algo);
+ showGeneric(getString(R.string.insecure_hash_algo,
+ KeyFormattingUtils.getHashAlgoName(hashAlgorithm)));
 }
 @Override
@@ -252,9 +248,8 @@ public class RemoteSecurityProblemDialogActivity extends FragmentActivity {
 String algorithmName = KeyFormattingUtils.getAlgorithmInfo(algorithmId, null, null);
 showGenericWithRecommendation(
- getString(R.string.insecure_encrypt_bitstrength, algorithmName,
- Integer.toString(bitStrength), "2010"),
- R.string.insecure_sign_bitstrength_suggestion);
+ getString(R.string.insecure_encrypt_bitstrength, algorithmName),
+ R.string.insecure_encrypt_bitstrength_suggestion);
 }
 @Override
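Review bot: `bitStrength` appears to be unused in this bit-size handler now that the call is `getString(R.string.insecure_encrypt_bitstrength, algorithmName)`, and the same holds for the signing variant in the next hunk (`@@ -262,31 +257,40 @@`). The replacement strings in strings.xml state a fixed "1024 bits or less" and "since 2006", so the dialog would misdescribe the key if the check that raises this view ever flags a different size. I would keep the measured value in the text, e.g. `getString(R.string.insecure_encrypt_bitstrength, algorithmName, Integer.toString(bitStrength))` with positional `%1$s`/`%2$s` placeholders in the string, or add a comment at the call such as `// wording assumes the 1024-bit cutoff; keep in sync with the key security check`. The method signature lies outside the hunk, so whether the parameter can be removed from the view interface is not visible here.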
@@ -262,31 +257,40 @@ public class RemoteSecurityProblemDialogActivity extends FragmentActivity {
 String algorithmName = KeyFormattingUtils.getAlgorithmInfo(algorithmId, null, null);
 showGenericWithRecommendation(
- getString(R.string.insecure_sign_bitstrength, algorithmName,
- Integer.toString(bitStrength), "2010"),
+ getString(R.string.insecure_sign_bitstrength, algorithmName),
 R.string.insecure_sign_bitstrength_suggestion);
 }
 @Override
 public void showLayoutEncryptNotWhitelistedCurve(String curveOid) {
- showGeneric(getString(R.string.insecure_encrypt_not_whitelisted_curve,
- KeyFormattingUtils.getCurveInfo(getContext(), curveOid)));
+ showGenericWithRecommendation(
+ getString(R.string.insecure_encrypt_not_whitelisted_curve, curveOid),
+ R.string.insecure_report_suggestion
+ );
 }
 @Override
 public void showLayoutSignNotWhitelistedCurve(String curveOid) {
- showGeneric(getString(R.string.insecure_sign_not_whitelisted_curve,
- KeyFormattingUtils.getCurveInfo(getContext(), curveOid)));
+ showGenericWithRecommendation(
+ getString(R.string.insecure_sign_not_whitelisted_curve, curveOid),
+ R.string.insecure_report_suggestion
+ );
 }
 @Override
 public void showLayoutEncryptUnidentifiedKeyProblem() {
- showGeneric(R.string.insecure_encrypt_unidentified);
+ showGenericWithRecommendation(
+ R.string.insecure_encrypt_unidentified,
+ R.string.insecure_report_suggestion
+ );
 }
 @Override
 public void showLayoutSignUnidentifiedKeyProblem() {
- showGeneric(R.string.insecure_sign_unidentified);
+ showGenericWithRecommendation(
+ R.string.insecure_sign_unidentified,
+ R.string.insecure_report_suggestion
+ );
 }
 @Override
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
index a884fcb32..338330bc0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
@@ -43,8 +43,12 @@ import android.widget.ViewAnimator;
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.nist.NISTNamedCurves;
 import org.bouncycastle.asn1.teletrust.TeleTrusTNamedCurves;
+import org.bouncycastle.bcpg.HashAlgorithmTags;
 import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
+import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
 import org.bouncycastle.crypto.ec.CustomNamedCurves;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.operator.jcajce.PGPUtil;
 import org.bouncycastle.util.encoders.Hex;
 import org.openintents.openpgp.OpenPgpDecryptionResult;
 import org.openintents.openpgp.OpenPgpSignatureResult;
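Review bot: The added `import org.bouncycastle.bcpg.HashAlgorithmTags;` is not referenced by anything this commit adds to KeyFormattingUtils. In the following hunk `getHashAlgoName` delegates to `PGPUtil.getDigestName` and `getSymmetricCipherName` only uses `SymmetricKeyAlgorithmTags`, so the import looks unused and can be dropped. Separately, `org.bouncycastle.openpgp.operator.jcajce.PGPUtil` sits in an operator implementation package; it is worth confirming that it is a supported public entry point in the bundled Bouncy Castle build, so that a library update does not break the lookup.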
@@ -227,6 +231,47 @@ public class KeyFormattingUtils {
 }
 }
+ public static String getHashAlgoName(int hashAlgo) {
+ try {
+ return PGPUtil.getDigestName(hashAlgo);
+ } catch (PGPException e) {
+ return "#" + hashAlgo;
+ }
+ }
+
+ public static String getSymmetricCipherName(int algorithm) {
+ switch (algorithm) {
+ case SymmetricKeyAlgorithmTags.TRIPLE_DES:
+ return "Triple-DES";
+ case SymmetricKeyAlgorithmTags.IDEA:
+ return "IDEA";
+ case SymmetricKeyAlgorithmTags.CAST5:
+ return "CAST5";
+ case SymmetricKeyAlgorithmTags.BLOWFISH:
+ return "Blowfish";
+ case SymmetricKeyAlgorithmTags.SAFER:
+ return "SAFER";
+ case SymmetricKeyAlgorithmTags.DES:
+ return "DES";
+ case SymmetricKeyAlgorithmTags.AES_128:
+ return "AES-128";
+ case SymmetricKeyAlgorithmTags.AES_192:
+ return "AES-192";
+ case SymmetricKeyAlgorithmTags.AES_256:
+ return "AES-256";
+ case SymmetricKeyAlgorithmTags.CAMELLIA_128:
+ return "Camellia-128";
+ case SymmetricKeyAlgorithmTags.CAMELLIA_192:
+ return "Camellia-192";
+ case SymmetricKeyAlgorithmTags.CAMELLIA_256:
+ return "Camellia-256";
+ case SymmetricKeyAlgorithmTags.TWOFISH:
+ return "Twofish";
+ default:
+ return "#" + algorithm;
+ }
+ }
+
 /** * Converts fingerprint to hex *
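Review bot: Both new public helpers, `getHashAlgoName` and `getSymmetricCipherName`, have no Javadoc, and the `"#" + id` fallback for unrecognised ids is a contract that the security-warning dialog now depends on. I would document each, e.g. `/** Returns a display name for the OpenPGP symmetric cipher id, or "#<id>" when the id is not recognised. */`. The switch also has no case for the OpenPGP plaintext id, so an unencrypted packet would be labelled `#0`. If that id can reach the insecure-cipher warning, `case SymmetricKeyAlgorithmTags.NULL: return "Plaintext (unencrypted)";` would make the dialog say what is actually wrong. In `getHashAlgoName` the `PGPException` is swallowed, which looks deliberate; a one-line comment such as `// unknown digest id: fall back to the numeric tag` would make that explicit.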

diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index bdfc3a15b..0362b5121 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -1855,21 +1855,22 @@ Security Warning Recommended Action - "The key you used to receive this message is using an outdated algorithm!\n\nThe algorithm in use is %1$s with %2$s bitstrength, which has been considered insecure since %3$s." - The key in use is insecure, and cannot be updated. To communicate securely, the sender must create a new key! - "The key this message was sent from is using an outdated algorithm!\n\nThe algorithm in use is %1$s with %2$s bitstrength, which has been considered insecure since %3$s." + "The key you used to receive (decrypt) this message is outdated!\n\nThe algorithm (%s) is configured with a strength of 1024 bits or less, which has been considered insecure for general use since 2006." + The key in use is insecure, and cannot be updated. To communicate securely, you must create a new key! + "The key that sent (signed) this message is outdated!\n\nThe algorithm (%s) is configured with a strength of 1024 bits or less, which has been considered insecure for general use since 2006." The key in use is insecure, and cannot be updated. To communicate securely, the sender must create a new key! - "The key used to receive this message is using an algorithm that is not considered secure!\n\nThe algorithm in use is %1$s, which has not received sufficient cryptanalysis to consider secure." - "The key this message was sent from is using an outdated algorithm!\n\nThe algorithm in use is %1$s, which has not received sufficient cryptanalysis to consider secure." + "The key that received (decrypted) this message is using the elliptic curve with OID %1$s, which is not whitelisted!" + "The key this message was sent (signed) from is using the elliptic curve with OID %1$s, which is not whitelisted!" "There is an unidentified security problem with the key used to receive (decrypyt) this message!" "There is an unidentified security problem with the key used to send (sign) this message!" 
+ "This might be a problem in OpenKeychain, please report on our issue tracker!" "This message was not signed, and did also not contain a Modification Detection Code (MDC). It may have been modified by an attacker!" - "For secure end-to-end communication, messages should be signed by the sender." + "A missing MDC is a problem in the sending software, or an attack. For secure end-to-end communication, messages should also be signed by the sender!" - "This message was encrypted with an insecure algorithm." - "This message was signed using an insecure algorithm." - If you don\'t want to be warned about this security problem in the future, you can suppress this warning. To do so, press the Suppress button %d more times. + "This message was encrypted using the symmetric %s algorithm. This is considered insecure, or at least exotic!" + "This message was signed using the %s hashing algorithm. This is considered insecure, or at least exotic!" + If you don\'t want to be warned about this specific security problem in the future, you can suppress this warning. Suppress this warning Warning suppressed The security warning (for this key/message) will not be shown again in the future.