Enigmail / Bugs / #501 mail.identity.id1.pgpkeyId should be a full fingerprint

#501 mail.identity.id1.pgpkeyId should be a full fingerprint

Status: fixed

Owner: nobody

Labels: None

Found in Version: 1.8.2

Severity: Minor

Thunderbird version:

GnuPG version:

Operating System: All

Fixed in version: 1.9.0

Cc: nobody

Updated: 2015-12-17

Created: 2015-05-28

Creator: Daniel Kahn Gillmor

Private: No

enigmail's per-account configuration includes mail.identity.idX.pgpkeyId (en_US account preferences pane text: "Use specific OpenPGP key ID (0x1234ABCD)"), which is populated with a short (32-bit) key ID.

forging a 32-bit keyId is trivial. If the account is configured in this way, and an attacker manages to inject a new subkey in the user's keyring, it's conceivable that the attacker's subkey could be used to encrypt the message instead of the user's subkey.

Discussion

Patrick Brunschwig - 2015-06-03

Changed on master for editing in Account selection. Key creation and setup wizard to follow.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Patrick Brunschwig - 2015-06-03

Fixed in version: --- --> 1.9.0
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Patrick Brunschwig - 2015-12-17

Fixed on master. Existing settings are not touched though.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Patrick Brunschwig - 2015-12-17

status: open --> fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

mail.identity.id1.pgpkeyId should be a full fingerprint

OpenPGP addon for Mozilla Thunderbird

Searches

Help

#501 mail.identity.id1.pgpkeyId should be a full fingerprint

Discussion