
Prevent encryption spoof
Reported by Mento | May 30th, 2018 @ 11:32 AM | in 0.8.4 (closed)
Prevent the spoofing attack described at https://neopg.io/blog/encryption-spoof/
Test messages + eml files in Bug Cases > Encryption Spoof
Comments and changes to this ticket
-
Support May 30th, 2018 @ 12:02 PM
- State changed from new to fixed
(from [2fed2abe485fd11641b253a82b3d94923ef77848]) Prevent encryption spoof attack.
Do not allow unencrypted plaintext in an encrypted message.
UnitTests added.
[FIX] [#162 state:fixed] https://github.com/GPGTools/Libmacgpg/commit/2fed2abe485fd11641b253...
-
steve May 30th, 2018 @ 09:00 PM
- State changed from fixed to started
-
Support May 31st, 2018 @ 10:58 AM
- State changed from started to fixed
(from [ce0eff8a85f1eb6c9b86e5cba2ff2fe56036efcc]) Use a boolean to indicate a decryption failure.
[#162 state:fixed] https://github.com/GPGTools/Libmacgpg/commit/ce0eff8a85f1eb6c9b86e5...
-
steve May 31st, 2018 @ 02:51 PM
Verify steps
https://neopg.io/blog/encryption-spoof/
- replace -r nerd with personal email
- create both cakes
- open 01-pgp-inline.gpg & 02-pgp-inline.gpg with TextEdit
- copy the content of 01-pgp-inline.gpg into an email message and send to yourself. Same with #2 (don't encrypt or sign message) to generate eml files
In all cases decryption should not work.
macOS 10.13.4
GPG Suite 2177n
verified
-
steve May 31st, 2018 @ 02:51 PM
- State changed from fixed to verified
-
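The rule from the commit message above ("Do not allow unencrypted plaintext in an encrypted message"), as an added example that is not Libmacgpg's code: a Python check over GnuPG `--status-fd` output that reports success only when every `PLAINTEXT` status falls inside a completed `BEGIN_DECRYPTION`/`END_DECRYPTION` span. The status keywords are GnuPG's; the function name and sample status lines are constructed, and using the status stream as the decision input is an assumption about how a frontend would apply the rule.

```python
# Added example (not Libmacgpg code). Keywords are GnuPG status-fd keywords;
# the function name and all sample status lines are constructed.
PREFIX = "[GNUPG:] "

def plaintext_was_encrypted(status_output: str) -> bool:
    """True only if every PLAINTEXT came from inside a successful decryption."""
    in_decryption = False   # between BEGIN_DECRYPTION and END_DECRYPTION
    layer_ok = False        # DECRYPTION_OKAY seen for the current span
    saw_plaintext = False
    for line in status_output.splitlines():
        if not line.startswith(PREFIX):
            continue        # not a status line
        fields = line[len(PREFIX):].split()
        keyword = fields[0] if fields else ""
        if keyword == "BEGIN_DECRYPTION":
            in_decryption, layer_ok = True, False
        elif keyword == "DECRYPTION_OKAY":
            layer_ok = in_decryption
        elif keyword == "DECRYPTION_FAILED":
            return False
        elif keyword == "END_DECRYPTION":
            if not layer_ok:
                return False
            in_decryption = False
        elif keyword == "PLAINTEXT":
            if not in_decryption:
                return False    # literal data that was never encrypted
            saw_plaintext = True
    return saw_plaintext and not in_decryption

GENUINE = """[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 1527675000
[GNUPG:] PLAINTEXT_LENGTH 12
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION"""

SPOOFED = """[GNUPG:] PLAINTEXT 62 1527675000
[GNUPG:] PLAINTEXT_LENGTH 12"""

MIXED = GENUINE + "\n" + SPOOFED   # valid ciphertext followed by bare plaintext

if __name__ == "__main__":
    for name, sample in (("genuine", GENUINE), ("spoofed", SPOOFED), ("mixed", MIXED)):
        print(name, plaintext_was_encrypted(sample))
```

The check fails closed: a status stream that is cut off before `END_DECRYPTION`, or that contains no `PLAINTEXT` at all, is also reported as not decrypted.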