-
Notifications
You must be signed in to change notification settings - Fork 520
cure53 Security Audit 2015
The Security Audit can be downloaded at https://cure53.de/pentest-report_openkeychain.pdf
All identified vulnerabilities have been discussed with cure53 and fixed in OpenKeychain 3.6. OKC-01-006 has been fixed in 4.2. We will work on two "Miscellaneous Issues" (not vulnerabilities) for a future version of OpenKeychain.
FIXED IN
Filenames with slashes are rejected
FIXED IN
- https://github.com/open-keychain/open-keychain/commit/aad606c47ffea495d314bf1e537f1e2981b0dd88
- https://github.com/open-keychain/open-keychain/commit/21b83d8fa483eb3d911e7475663a7cb36e4170a0
A comparison of user ids is difficult to implement as keyservers could, in some circumstances, return User IDs with a broken encoding. We would also need to check for revocation status, key size etc. which introduces much code complexity. Downloading all search results and parsing them locally before prompting the user which key(s) he wants would result in too much network traffic. Keys are several to many kilobytes in size, e.g., 66kb.
FIXED in 4.2: Before importing keys from keyservers, they are downloaded fully, verified, and displayed to the user.
The fingerprint check is now performed after canonicalization and the method has been changed to check primary and mutually bound keys only.
FIXED IN
- https://github.com/open-keychain/open-keychain/commit/9d97d37c06f22354c124bd6cedd989d9ca4ff53e
- https://github.com/open-keychain/open-keychain/commit/8f40c6df5108f30dc424e4d802f49f3392738724
Proposed fix has been implemented.
FIXED FOR ANDROID >= 5 IN (We will leave this open for Android < 5 for now due to the low priority) https://github.com/open-keychain/open-keychain/commit/57a04cb8a14a4777a3d77a92952d9fbdbd72b527
Confirmed identities (if they exist) are now prioritized over non-confirmed ones.
FIXED IN
The database version has been increased, this already prevents a downgrade. In addition onDowngrade has been overridden.
FIXED IN
Now only uses keys for verification which are allowed to sign.
FIXED IN
- https://github.com/open-keychain/open-keychain/commit/ba9b8f3a6009ca60abffccc3e3fbd160e0fa420c
- https://github.com/open-keychain/open-keychain/commit/e67e8cd8c1677fe95d0fe15df0e0d1342d8cc44e
The save functionality has been removed for Android < 4.4, on Android >= 4.4 the new Document Storage Framework is used. The problematic file dialog has been removed.
FIXED IN
Logs are no longer saved. Instead a dialog is shown that warns the user about potential sensitive information inside the log and allows to share the log directly with another app such as a mail program. Save functionality removed for Android < 4.4, only the new backup function has code for saving files on Android < 4.4. On Android >= 4.4 saving is enabled via the Document Provider API, which handles everything Backup/Export. Backups are now symmetrically encrypted via a randomly generated Backup Code.
FIXED IN:
- https://github.com/open-keychain/open-keychain/commit/cdf67c3296b9a7aadf3528ed3eed29cdac752dde
- https://github.com/open-keychain/open-keychain/commit/eff59b46452e4f9b577ea8bc755cc96c3d76a760
- https://github.com/open-keychain/open-keychain/pull/1546 and related commits on git master
- https://github.com/open-keychain/open-keychain/wiki/Backups
- https://github.com/open-keychain/open-keychain/commit/97ca5091c237ff185a1a5651ff54752a3e49adc3
see OKC-01-015
We now disallow all redirects, a warning is now shown when a keyserver is added without a pinned certificate, users needs to uncheck "only trusted keyserver" to get past the warning. We pinned sks-keyserver, pgp.mit.edu, keybase.io.
FIXED IN
- https://github.com/open-keychain/open-keychain/commit/0b181743a3d6b1423e112b17a400b5ac4ac09bcb
- https://github.com/open-keychain/open-keychain/commit/9ee61dc0dfa5990126b7fb79c5373beb83a8b040
- https://github.com/open-keychain/open-keychain/commit/3a9709a35d3cf5cd2e93e49b75745226fd59ae2d
OpenKeychain now processes 100 User IDs at maximum.
FIXED IN
- https://github.com/open-keychain/open-keychain/commit/29e9b2fa1eb5cfcd1539027e54025120d5af6a3e
- https://github.com/open-keychain/open-keychain/commit/2b735102f79d36c91f2afd9f0fc7105df29f62d0
OpenKeychain now skips keys or User IDs with broken encodings or other wrong values, the get-method no longer crashes on empty or wrong data.
FIXED IN
Min key length for key creation is now at 2048 bit for RSA, DSA, ElGamal.
FIXED IN
In the future, we like to tag insecure keys inside our database, like revoked or expired keys and make them unselectable. There will be future work on this, when other issues have been sorted out, see https://github.com/open-keychain/open-keychain/issues/1476
WILL BE FIXED LATER
In the future, we like to switch to a model where the whole database of OpenKeychain is encrypted, not every single secret key separately, see https://github.com/open-keychain/open-keychain/issues/1541
WILL BE FIXED LATER
Http is still allowed, but http keyservers are not one of the trusted keyservers, so the warning is shown that we implemented for OKC-01-018.
FIXED