Document KO protection utility class

Paul Schaub 2022-07-04 11:05:16 +02:00
parent 8b66b3527e
commit 170aaaa0c5
Signed by: vanitasvitae
GPG Key ID: 62BEE9264BF17311
1 changed files with 9 additions and 0 deletions


@ -38,6 +38,15 @@ import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.exception.KeyIntegrityException;
import org.pgpainless.implementation.ImplementationFactory;
/**
* Utility class to verify keys against Key Overwriting (KO) attacks.
* This class of attacks is only possible if the attacker has access to the (encrypted) secret key material.
* To execute the attack, they would modify the unauthenticated parameters of the users public key.
* Using the modified public key in combination with the unmodified secret key material can then lead to the
* extraction of secret key parameters via weakly crafted messages.
*
* @see <a href="https://www.kopenpgp.com/">Key Overwriting (KO) Attacks against OpenPGP</a>
*/
public class PublicKeyParameterValidationUtil {
public static void verifyPublicKeyParameterIntegrity(PGPPrivateKey privateKey, PGPPublicKey publicKey)
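Review bot: The new class Javadoc explains the KO attack but not the contract a caller relies on: when the check has to run and how a mismatch is reported. `verifyPublicKeyParameterIntegrity` takes an already-unlocked `PGPPrivateKey`, so the check presumably belongs between unlocking the secret key and first using it for signing or decryption. I would add a closing sentence such as `Callers should verify each key pair after unlocking it and before use; a mismatch between secret and public parameters is reported as a {@link KeyIntegrityException}.`, after confirming that against the method's throws clause, which is not visible here. The method itself still has no Javadoc, and its body lies outside the hunk. A small wording fix in the same block: `users public key` should read `user's public key`.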