1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-22 19:08:00 +01:00

Document KO protection utility class

This commit is contained in:
Paul Schaub 2022-07-04 11:05:16 +02:00
parent 8b66b3527e
commit 170aaaa0c5
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311

View file

@ -38,6 +38,15 @@ import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.exception.KeyIntegrityException;
import org.pgpainless.implementation.ImplementationFactory;
/**
* Utility class to verify keys against Key Overwriting (KO) attacks.
* This class of attacks is only possible if the attacker has access to the (encrypted) secret key material.
* To execute the attack, they would modify the unauthenticated parameters of the users public key.
* Using the modified public key in combination with the unmodified secret key material can then lead to the
* extraction of secret key parameters via weakly crafted messages.
*
* @see <a href="https://www.kopenpgp.com/">Key Overwriting (KO) Attacks against OpenPGP</a>
*/
public class PublicKeyParameterValidationUtil {
public static void verifyPublicKeyParameterIntegrity(PGPPrivateKey privateKey, PGPPublicKey publicKey)