diff options
2 files changed, 9 insertions, 1 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java index 75f8bdb66..a116ea665 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java @@ -65,6 +65,10 @@ public class OpenPgpSignatureResultBuilder { this.mSignatureAvailable = signatureAvailable; } + public boolean isValidSignature() { + return mValidSignature; + } + public OpenPgpSignatureResult build() { if (mSignatureAvailable) { OpenPgpSignatureResult result = new OpenPgpSignatureResult(); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java index b38caa80e..518975907 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java @@ -535,9 +535,13 @@ public class PgpDecryptVerify { } else { // no integrity check Log.d(Constants.TAG, "Encrypted data was not integrity protected! MDC packet is missing!"); + + // If no valid signature is present: // Handle missing integrity protection like failed integrity protection! // The MDC packet can be stripped by an attacker! - throw new IntegrityCheckFailedException(); + if (!signatureResultBuilder.isValidSignature()) { + throw new IntegrityCheckFailedException(); + } } updateProgress(R.string.progress_done, 100, 100); |