Document KOpenPGP mitigations

2025-09-09 18:29:39 +02:00 · 2025-05-15 14:31:40 +02:00 · 2025-05-15 14:31:40 +02:00 · 828e31e12c
commit 828e31e12c
parent a31cc46c93
1 changed files with 8 additions and 0 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/policy/Policy.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/policy/Policy.kt
@ -36,6 +36,14 @@ class Policy(
            NotationRegistry(),
            AlgorithmSuite.defaultAlgorithmSuite)

+    /**
+     * Decide, whether to sanitize public key parameters when unlocking OpenPGP secret keys.
+     * OpenPGP v4 keys are susceptible to a class of attacks, where an attacker with access
+     * to the locked key material (e.g. a cloud email provider) might manipulate unprotected
+     * public key parameters of the key, leading to potential secret key leakage.
+     *
+     * @see [Key Overwriting (KO) Attacks against OpenPGP](https://www.kopenpgp.com/)
+     */
    var enableKeyParameterValidation = false

    fun copy() = Builder(this)