search

google / end-to-end

End-To-End is a crypto library to encrypt, decrypt, digital sign, and verify signed messages (implementing OpenPGP)
Apache License 2.0
4.13k stars 298 forks source link

Extension: In the encryption/sign dialog, show recipients taking account for the key capabilities #181

Open koto opened 9 years ago

koto commented 9 years ago

From koto@google.com on September 02, 2014 17:13:48

In the keyring, for given User IDs we might have public/secret (sub)keys that can only encrypt/sign or verify a message. There is no guarantee that we can encrypt a message for every user id in a public keyring. For example, some keys might have been revoked,expired or just missing.

We should not allow the user to choose a user Chip as a recipient, if we don't have an encrypting key for that user.

Steps to reproduce:

  1. Import the following key - passphrase 'koto' 
-----BEGIN PGP PRIVATE KEY BLOCK-----   
Version: GnuPG v1.4.11 (GNU/Linux)   

lQH+BFN59MYBBADM7mCostQwhkC1vP/2AkQtgnYLXy2MJFjXi4hFzQdRYhXLIy4H   
YXtW/G7pt1ofq5mSnCIzLTAwT0B0W4bN+NFi8cRatXjHPNWD8I1XieYLVLQcFnqo   
IqhbFsylZ9XVCMcDnQjyPPGj/BMSz74bwduJnIUMc8l6UUq8So38NKSxsQARAQAB   
/gMDAtTk3JAyrlOEYPV+u8pbYRdn040Famo2wQ32gi4dPU2Eg9DtZLZVr1iircmM   
k1+/3hvtVSQcu/ghUfZMwGJkoq8pWN+6S6QMVLPphiYLB7csrOjeplzZzAuLiBfk   
ai842nRLS9nEcny2xdv3793nCNaiWxddkPYUBnFguYX7FRzNvifpyeMgJYwhTfip   
BmC6s+Hu15J42Y7dWOqxXu1HbahoYYXZ1q9jatgpkNe4t8V28ODONGwtcYeEF2F2   
rPOOHOFEf1sBUJTM/ve827W7e89c7yroIP7834YEGrHYuhUp6gyvlxi79wBnfUJd   
wVsf2bPhkwqef43dv7zL1NjpP1QaZ9WOdUjlo2twKPlZ+RHBsvNKMLy0u2yDLRel   
N0QT1FmZtL11gv5PvIsl5JMeiJhfROX216UuWJtQh+YnXqm75tfz+xwWvBRueOzD   
bJ30aCBps65m4GnEni8//6tB7DZa7W3sGpRuAOJsqu/wtB5rb3RvK3JzYSA8a290   
bytyc2FAZ29vZ2xlLmNvbT6IuAQTAQIAIgUCU3n0xgIbAwYLCQgHAwIGFQgCCQoL   
BBYCAwECHgECF4AACgkQVKcluJ0FWmRtswP/ZoRx0cTcQDXVcNNl1oRgfQopWvPv   
YkMwhbi7gLc3s74rOzFY+6GAohVUJ7Hc6EV1gjHNMocAp0spxgneA75ULx1v/7ea   
MVX0uadvggLoGMc1OqEO4ilux7Q8vMSLW6KEgTpCvbje0zcfrPor9a6ArorNLo6F   
EKI+BXEOhlIFat6dAf4EU3n0xgEEAJwKK1K5u5eu2+/8aC63STp7nDdxRn2+F73J   
yuk0jpjntTft4JzeIk5/00kdM01OLIbJH3nQNWLsbgog+j4cgPr/+ajdRf1sycuo   
NLBgTJjrkv94nYOCFtDAENylQ5v5crsag6Js+6VNLEizhhdD5aDOKzSMThV1jW3t   
Bu6EeT8fABEBAAH+AwMC1OTckDKuU4RgEhCZc3EDWz37OzWzkxhHAm/yVmA1XZVE   
dif343G+DqH+Kxyv0Q/OHPvPCzureInXmrNpvsNdta1LTP6DlWcxN5oyO3J2Ul1i   
TT7ldwHZaG9hnCTontPO5WnYAmtPtXN5tpRZeIp1Y2jB3178H76UX6u7VyFnMfMB   
A/QIG7w9BOK6AlasW4G8jYuCO+lDZ/hoNQEcy2s53IwCAKWZKRuAboEEyuTKuayM   
EjsabnEEbAe1UwvaE8XA2Tzb2mZI2YzcdDQoo+RRGXAJ38bhs5bgEi14f08/4zGg   
QP0/hSzxq+XUbWyhbYVGNEArMDKynAOJ+d3ikIBBq9z4owdESQ34hbi5YmmcTqQ0   
QwaJ2b/6ptJb1XLiz/MjpZJeDNelEeoeIj6rRgIRLqCZ2RjlcOp6F4+uZhhdmmQl   
gxau+Rd6u616G+eryRz9Wn/UT/+Cr5L5Ybhza97Ru2zzpSRZ2vdkYckLPLaInwQY   
AQIACQUCU3n0xgIbDAAKCRBUpyW4nQVaZPaHA/9tYBqwLuVEJt8yjuZ8rHoBrwL8   
50tTb6d1N0OfZiTOY/qJfoCCE2ypDgDYQdVEtXuuvzi9CYhxHgK75YJ9YQ2hoPgb   
3o4byXmMe3xJDwIAWAkTk3WWegazq6sz5TaK+AMk3LGOXFDkDdusJxBX3LApZnF8   
CpwhEQ2vh+wKNgyo0Q==   
=ItAK   
-----END PGP PRIVATE KEY BLOCK-----
  1. Try to encrypt the message.
  2. Enter koto+rsa in the recipients list

What happens:
You can choose koto+rsa identity. Encrypting the message will however only encrypt to senders' key, because koto+rsa UID has no public key to encrypt to.

What should happen:
koto+rsa Chip should be a red chip or should not show in the UI at all.

Original issue: http://code.google.com/p/end-to-end/issues/detail?id=144

koto commented 9 years ago

We need to expose getValidEncryptionKeys in ContextImpl or make TransferableKey.toKeyObject() expose information whether a valid encryption (sub)key is present and filter based on those.

Same for signing.

koto commented 9 years ago

This is taken into account for the Keyringv2 design.

sirdarckcat commented 8 years ago

closing up old bugs, please reopen if you would still like to see it fixed

sirdarckcat commented 8 years ago

this seems useful, sorry I shouldn't have closed it