Package org.pgpainless.key.util
Class PublicKeyParameterValidationUtil
java.lang.Object
org.pgpainless.key.util.PublicKeyParameterValidationUtil
Utility class to verify keys against Key Overwriting (KO) attacks.
This class of attacks is only possible if the attacker has access to the (encrypted) secret key material.
To execute the attack, they would modify the unauthenticated parameters of the users public key.
Using the modified public key in combination with the unmodified secret key material can then lead to the
extraction of secret key parameters via weakly crafted messages.
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic void
verifyPublicKeyParameterIntegrity
(org.bouncycastle.openpgp.PGPPrivateKey privateKey, org.bouncycastle.openpgp.PGPPublicKey publicKey)
-
Constructor Details
-
PublicKeyParameterValidationUtil
public PublicKeyParameterValidationUtil()
-
-
Method Details
-
verifyPublicKeyParameterIntegrity
public static void verifyPublicKeyParameterIntegrity(org.bouncycastle.openpgp.PGPPrivateKey privateKey, org.bouncycastle.openpgp.PGPPublicKey publicKey) throws KeyIntegrityException - Throws:
KeyIntegrityException
-