PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-10 10:49:39 +02:00
Code Issues Releases Wiki Activity

Document KOpenPGP mitigations

Browse source
This commit is contained in:
Paul Schaub 2025-05-15 14:31:40 +02:00
parent c914a43853
commit 7b32da722f
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
pgpainless-core/src/main/kotlin/org/pgpainless/policy/Policy.kt
View file

@ -36,6 +36,14 @@ class Policy(
NotationRegistry(), NotationRegistry(),
AlgorithmSuite.defaultAlgorithmSuite) AlgorithmSuite.defaultAlgorithmSuite)
/**
* Decide, whether to sanitize public key parameters when unlocking OpenPGP secret keys.
* OpenPGP v4 keys are susceptible to a class of attacks, where an attacker with access
* to the locked key material (e.g. a cloud email provider) might manipulate unprotected
* public key parameters of the key, leading to potential secret key leakage.
*
* @see [Key Overwriting (KO) Attacks against OpenPGP](https://www.kopenpgp.com/)
*/
var enableKeyParameterValidation = false var enableKeyParameterValidation = false
fun copy() = Builder(this) fun copy() = Builder(this)