diff options
| author | Vincent Breitmoser <valodim@mugenguild.com> | 2015-05-28 11:40:35 +0200 |
|---|---|---|
| committer | Vincent Breitmoser <valodim@mugenguild.com> | 2015-05-28 16:33:45 +0200 |
| commit | eb830c6786c500d69ce2a06203b7cf336ae8a9bf (patch) | |
| tree | 6c5a2d844802caf5edc4d890e1e752f285f3e546 /OpenKeychain/src/main/java/org | |
| parent | 5c8af1c5a5ad4be2bf3f2f657fe3fbd2f1fe8a24 (diff) | |
| download | open-keychain-eb830c6786c500d69ce2a06203b7cf336ae8a9bf.tar.gz open-keychain-eb830c6786c500d69ce2a06203b7cf336ae8a9bf.tar.bz2 open-keychain-eb830c6786c500d69ce2a06203b7cf336ae8a9bf.zip | |
warn on signature earlier than key creation, err on significantly earlier
Diffstat (limited to 'OpenKeychain/src/main/java/org')
2 files changed, 22 insertions, 0 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java index 119678f16..1cbff8a0d 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java @@ -401,6 +401,7 @@ public abstract class OperationResult implements Parcelable { MSG_KC_SUB_BAD_LOCAL(LogLevel.WARN, R.string.msg_kc_sub_bad_local), MSG_KC_SUB_BAD_KEYID(LogLevel.WARN, R.string.msg_kc_sub_bad_keyid), MSG_KC_SUB_BAD_TIME(LogLevel.WARN, R.string.msg_kc_sub_bad_time), + MSG_KC_SUB_BAD_TIME_EARLY(LogLevel.WARN, R.string.msg_kc_sub_bad_time_early), MSG_KC_SUB_BAD_TYPE(LogLevel.WARN, R.string.msg_kc_sub_bad_type), MSG_KC_SUB_DUP (LogLevel.DEBUG, R.string.msg_kc_sub_dup), MSG_KC_SUB_PRIMARY_BAD(LogLevel.WARN, R.string.msg_kc_sub_primary_bad), diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java index 2bb4f7dc4..ecf68890e 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java @@ -820,6 +820,15 @@ public class UncachedKeyRing { continue; } + Date keyCreationTime = key.getCreationTime(), keyCreationTimeLenient; + { + Calendar keyCreationCal = Calendar.getInstance(); + keyCreationCal.setTime(keyCreationTime); + // allow for diverging clocks up to one day when checking creation time + keyCreationCal.add(Calendar.MINUTE, -5); + keyCreationTimeLenient = keyCreationCal.getTime(); + } + // A subkey needs exactly one subkey binding certificate, and optionally one revocation // certificate. PGPPublicKey modified = key; @@ -851,6 +860,18 @@ public class UncachedKeyRing { continue; } + if (cert.getCreationTime().before(keyCreationTime)) { + // Signature is earlier than key creation time + log.add(LogType.MSG_KC_SUB_BAD_TIME_EARLY, indent); + // due to an earlier accident, we generated keys which had creation timestamps + // a few seconds after their signature timestamp. for compatibility, we only + // error out with some margin of error + if (cert.getCreationTime().before(keyCreationTimeLenient)) { + badCerts += 1; + continue; + } + } + if (cert.isLocal()) { // Creation date in the future? No way! log.add(LogType.MSG_KC_SUB_BAD_LOCAL, indent); |