Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: do not allow decryption with "Plaintext" algorithm #287

Merged
merged 1 commit into from Feb 19, 2024
Merged

fix: do not allow decryption with "Plaintext" algorithm #287

merged 1 commit into from Feb 19, 2024

Conversation

link2xt
Copy link
Contributor

@link2xt link2xt commented Feb 13, 2024
edited

According to
https://datatracker.ietf.org/doc/html/rfc4880#section-13.4 "plaintext" MUST NOT be used to encrypt data packets.

We check that "plaintext" algorithm is not used
to decrypt messages and is not used to decrypt session keys
when the key is derived using S2K.

@link2xt link2xt force-pushed the link2xt/no-plaintext-decryption branch from e07d51f to 3870b5d Compare February 13, 2024 09:13
@dignifiedquire
Copy link
Member

I wish we had a test for this

@link2xt link2xt marked this pull request as draft February 15, 2024 21:55
@link2xt link2xt force-pushed the link2xt/no-plaintext-decryption branch 5 times, most recently from 9fec1b8 to 175b277 Compare February 16, 2024 01:09
@link2xt link2xt marked this pull request as ready for review February 16, 2024 01:09
@link2xt
Copy link
Contributor Author

link2xt commented Feb 16, 2024

@dignifiedquire I added one test, but testing the same for symmetrically decrypted key, asymmetrically decrypted key, derived key etc. is too difficult, so this only tests one code path.

@dignifiedquire
Copy link
Member

thanks :

@link2xt
fix: do not allow decryption with "Plaintext" algorithm
92b2011 
According to
<https://datatracker.ietf.org/doc/html/rfc4880#section-13.4>
"plaintext" MUST NOT be used to encrypt data packets.

We check that "plaintext" algorithm is not used
to decrypt messages and is not used to decrypt session keys
when the key is derived using S2K.
@link2xt link2xt force-pushed the link2xt/no-plaintext-decryption branch from 175b277 to 92b2011 Compare February 19, 2024 15:31
@link2xt link2xt merged commit 9201b7e into master Feb 19, 2024
18 checks passed
@dignifiedquire dignifiedquire deleted the link2xt/no-plaintext-decryption branch February 19, 2024 16:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dignifiedquire dignifiedquire dignifiedquire approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@link2xt @dignifiedquire