Package org.pgpainless.key.util
Class PublicKeyParameterValidationUtil
- java.lang.Object
-
- org.pgpainless.key.util.PublicKeyParameterValidationUtil
-
public class PublicKeyParameterValidationUtil extends java.lang.Object
Utility class to verify keys against Key Overwriting (KO) attacks. This class of attacks is only possible if the attacker has access to the (encrypted) secret key material. To execute the attack, they would modify the unauthenticated parameters of the users public key. Using the modified public key in combination with the unmodified secret key material can then lead to the extraction of secret key parameters via weakly crafted messages.
-
-
Constructor Summary
Constructors Constructor Description PublicKeyParameterValidationUtil()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static void
verifyPublicKeyParameterIntegrity(org.bouncycastle.openpgp.PGPPrivateKey privateKey, org.bouncycastle.openpgp.PGPPublicKey publicKey)
-
-
-
Method Detail
-
verifyPublicKeyParameterIntegrity
public static void verifyPublicKeyParameterIntegrity(org.bouncycastle.openpgp.PGPPrivateKey privateKey, org.bouncycastle.openpgp.PGPPublicKey publicKey) throws KeyIntegrityException
- Throws:
KeyIntegrityException
-
-