Closed ispringer closed 3 years ago
Hi @neuhalje @ispringer I'm a newbie at contributing to open source projects. I have actually used this very library in my projects, so I thought this would be a good place to start. Would you mind if I picked this up?
@Sauhardstark that would be really cool!
@neuhalje - I've written the code but I'm facing certain issues. Is there any forum/platform where we could chat for a few minutes?
Right now I am AFK. Maybe tomorrow? I think I have a Skype account buried somewhere. Would that suffice?
Yeah, sure, tomorrow is cool. My Skype mail - sauhard.sherlockholmes@gmail.com
Issue has been fixed pursuant to the above PR
Fixed in 2.3.0
Describe the bug: MDC is not verified.
To Reproduce: Step through code while decrypting a message that contains an MDC.
Expected behavior: MDC should be verified when present. There should also be a way to configure MDC policy - whether MDC is required.
System
Additional context: https://github.com/neuhalje/bouncy-gpg/blob/master/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/DecryptionStreamFactory.java does not appear to have any code for verifying MDC (data integrity check). I would expect to find code that looks something like this:
Some background on MDC and why it's important security-wise: https://gpgtools.tenderapp.com/kb/faq/modification-detection-code-mdc-errors
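An added example, not code from this issue or from bouncy-gpg, of the behaviour requested above: verify the MDC when present and let policy decide whether a message without one is accepted. It relies on Bouncy Castle's `PGPEncryptedData.isIntegrityProtected()` and `verify()`; the class name `MdcVerifyingInputStream` and the `requireMdc` flag are hypothetical.

```java
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPException;

/** Hypothetical helper, not part of bouncy-gpg: enforces the MDC when the plaintext hits EOF. */
public final class MdcVerifyingInputStream extends FilterInputStream {
    private final PGPEncryptedData encryptedData;
    private boolean done; // true once the check has run or policy waived it

    /**
     * @param plaintext     innermost decrypted stream (e.g. the literal data stream)
     * @param encryptedData the encrypted-data packet that stream was derived from
     * @param requireMdc    policy: reject messages that carry no MDC at all
     */
    public MdcVerifyingInputStream(InputStream plaintext, PGPEncryptedData encryptedData,
                                   boolean requireMdc) throws IOException {
        super(plaintext);
        this.encryptedData = encryptedData;
        if (!encryptedData.isIntegrityProtected()) {
            if (requireMdc) {
                throw new IOException("Message has no MDC and policy requires one");
            }
            done = true; // nothing to verify; policy accepts unprotected messages
        }
    }

    @Override
    public int read() throws IOException {
        int b = super.read();
        if (b < 0) verifyOnce();
        return b;
    }

    @Override
    public int read(byte[] buf, int off, int len) throws IOException {
        int n = super.read(buf, off, len);
        if (n < 0) verifyOnce();
        return n;
    }

    // The MDC trails the data, so it can only be checked after all plaintext was read.
    private void verifyOnce() throws IOException {
        if (done) return;
        try {
            if (!encryptedData.verify()) throw new IOException("MDC check failed: message was modified");
        } catch (PGPException e) {
            throw new IOException("MDC could not be verified", e);
        }
        done = true;
    }
}
```

Because the check runs at end of stream, bytes returned before EOF are unauthenticated: a caller should discard its output if the final `read` throws, and closing the stream early skips the check entirely.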