Encrypted private key is authenticated using an insecure two-byte hash #176
Comments
This could have to do with S2K parameters (

I think I'm very close to the answer. Need to check a few commits.

After this commit we have the current issue.

I see.
to using the supposedly better approach of relying on BC code:
This method does a bunch of checks and additional logic depending on S2K usage and such. Perhaps there is an error in this method somewhere? Btw: What exactly does the issue title mean? Is this an error message returned by FlowCrypt Browser? I can see that there is some checksum being calculated by BC.

@tomholub Could you provide more details here or point somebody from the team who can add more details from the code for

Key before the passphrase change
user: default@flowcrypt.test
Compatibility details:
Key after the passphrase change (causes the issue)
user: default@flowcrypt.test
Compatibility details:

I did some debugging:
Note that the "after" key has a different S2K usage value. Now to find out how this comes to be :D

I suppose that this line is the cause for the issue:
Since in your example code, you are doing a two-step passphrase change (old -> none -> new), the S2K usage is set to none and then to CHECKSUM (which is insecure apparently). I suppose, BC should set the S2K usage to SHA1 instead in that line.
saving the intermediate step.

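To check which S2K usage value a key carries, the sketch below reads the usage octet from each secret key packet of a binary (dearmored) version 4 key. It is an added example, not code from this thread, PGPainless or Bouncy Castle; the function names are hypothetical and `SAMPLE` is a constructed packet with toy RSA values. Values 255 and 254 are what BC names USAGE_CHECKSUM and USAGE_SHA1.

```python
USAGE = {0: "unprotected", 254: "encrypted, SHA-1 hash", 255: "encrypted, two-byte checksum"}
MPI_COUNT = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs: RSA, Elgamal, DSA

def packets(data):
    """Yield (tag, body) for each definite-length OpenPGP packet in binary data."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0x40:  # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled")
        else:  # old-format header: length type selects 1, 2 or 4 length octets
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length is not handled")
            n, i = int.from_bytes(data[i:i + size], "big"), i + size
        yield tag, data[i:i + n]
        i += n

def skip_mpi(body, i):
    return i + 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8

def s2k_usage(body):
    """Return the S2K usage octet (RFC 4880, section 5.5.3) of a v4 secret key packet."""
    if body[0] != 4:
        raise ValueError("only version 4 keys are handled")
    algo, i = body[5], 6  # skip version, creation time, algorithm id
    if algo in (18, 19, 22):  # ECDH, ECDSA, EdDSA: curve OID, then one MPI
        i = skip_mpi(body, i + 1 + body[i])
        if algo == 18:  # ECDH also carries KDF parameters
            i += 1 + body[i]
    else:
        for _ in range(MPI_COUNT[algo]):
            i = skip_mpi(body, i)
    return body[i]

def audit(data):
    """Return [(tag, usage octet, meaning)] for secret key (5) and subkey (7) packets."""
    found = [(t, s2k_usage(b)) for t, b in packets(data) if t in (5, 7)]
    return [(t, u, USAGE.get(u, "encrypted, two-byte checksum (legacy)")) for t, u in found]

# Constructed sample: old-format tag 5 packet, toy RSA MPIs, usage octet 0xff.
SAMPLE = bytes.fromhex("94 16 04 00000000 01 0009 0103 0002 03 ff 0000000000000000")
```

Any entry other than 254 or 0 in the `audit` result means the encrypted key material is protected only by the two-byte checksum.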
Thank you! I will check

This is what I get when I change the passphrase directly:

I will ask upstream what the reason for USAGE_CHECKSUM is and if we can change to USAGE_SHA1 by default instead for when changing from unprotected to passphrase protected keys.

I created bcgit/bc-java#1020 upstream.

I confirm that it fixes the issue. @vanitasvitae Please close it if needed. Thank you!

By the way, is there some better option than

I think for version 4 keys (which is what BC currently supports), USAGE_SHA1 is the best option. Edit: RFC4880bis

@vanitasvitae Please look at the following issue FlowCrypt/flowcrypt-browser#3945.
After updating from 0.2.3 to 0.2.4 a user is not able to import a modified key (via PGPainless) to FlowCrypt for the browser. It seems something was changed in the encryption key process. I'm still doing the investigation. I will try to find a commit that causes the issue.

We use the following code