Add option to only accept signed backups
This commit is contained in:
parent
505db3946e
commit
7097f350bb
4 changed files with 40 additions and 22 deletions
|
@ -25,6 +25,7 @@ import android.widget.TextView;
|
||||||
import android.widget.Toast;
|
import android.widget.Toast;
|
||||||
|
|
||||||
import org.openintents.openpgp.OpenPgpError;
|
import org.openintents.openpgp.OpenPgpError;
|
||||||
|
import org.openintents.openpgp.OpenPgpSignatureResult;
|
||||||
import org.openintents.openpgp.util.OpenPgpApi;
|
import org.openintents.openpgp.util.OpenPgpApi;
|
||||||
import org.openintents.openpgp.util.OpenPgpServiceConnection;
|
import org.openintents.openpgp.util.OpenPgpServiceConnection;
|
||||||
|
|
||||||
|
@ -404,29 +405,35 @@ public class BackupActivity extends AppCompatActivity {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String outputStreamToString(ByteArrayOutputStream os) {
|
||||||
|
String string = "";
|
||||||
|
try {
|
||||||
|
string = os.toString("UTF-8");
|
||||||
|
} catch (UnsupportedEncodingException e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
|
||||||
|
return string;
|
||||||
|
}
|
||||||
|
|
||||||
public void handleOpenPGPResult(Intent result, ByteArrayOutputStream os, Uri file, int requestCode) {
|
public void handleOpenPGPResult(Intent result, ByteArrayOutputStream os, Uri file, int requestCode) {
|
||||||
if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_SUCCESS) {
|
if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_SUCCESS) {
|
||||||
if (requestCode == INTENT_ENCRYPT) {
|
if (requestCode == INTENT_ENCRYPT) {
|
||||||
if (os != null) {
|
if (os != null)
|
||||||
String encrypted = "";
|
doExportEncrypted(file, outputStreamToString(os));
|
||||||
try {
|
|
||||||
encrypted = os.toString("UTF-8");
|
|
||||||
} catch (UnsupportedEncodingException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
|
|
||||||
doExportEncrypted(file, encrypted);
|
|
||||||
}
|
|
||||||
} else if (requestCode == INTENT_DECRYPT) {
|
} else if (requestCode == INTENT_DECRYPT) {
|
||||||
if (os != null) {
|
if (os != null) {
|
||||||
String decrypted = "";
|
if (settings.getBoolean(getString(R.string.settings_key_openpgp_verify), false)) {
|
||||||
try {
|
OpenPgpSignatureResult sigResult = result.getParcelableExtra(OpenPgpApi.RESULT_SIGNATURE);
|
||||||
decrypted = os.toString("UTF-8");
|
|
||||||
} catch (UnsupportedEncodingException e) {
|
|
||||||
e.printStackTrace();
|
|
||||||
}
|
|
||||||
|
|
||||||
doImportEncrypted(decrypted);
|
if (sigResult.getResult() == OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED) {
|
||||||
|
doImportEncrypted(outputStreamToString(os));
|
||||||
|
} else {
|
||||||
|
Toast.makeText(this, R.string.backup_toast_openpgp_not_verified, Toast.LENGTH_LONG).show();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
doImportEncrypted(outputStreamToString(os));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED) {
|
} else if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED) {
|
||||||
|
@ -446,7 +453,7 @@ public class BackupActivity extends AppCompatActivity {
|
||||||
}
|
}
|
||||||
} else if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_ERROR) {
|
} else if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_ERROR) {
|
||||||
OpenPgpError error = result.getParcelableExtra(OpenPgpApi.RESULT_ERROR);
|
OpenPgpError error = result.getParcelableExtra(OpenPgpApi.RESULT_ERROR);
|
||||||
Toast.makeText(this, "OpenPGP Error: " + error.getMessage(), Toast.LENGTH_LONG).show();
|
Toast.makeText(this, String.format(getString(R.string.backup_toast_openpgp_error), error.getMessage()), Toast.LENGTH_LONG).show();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -36,4 +36,6 @@
|
||||||
<string name="backup_toast_import_failed">Import from external storage failed</string>
|
<string name="backup_toast_import_failed">Import from external storage failed</string>
|
||||||
<string name="backup_toast_storage_not_accessible">External storage currently not accessible</string>
|
<string name="backup_toast_storage_not_accessible">External storage currently not accessible</string>
|
||||||
<string name="backup_toast_storage_permissions">Storage permissions not granted</string>
|
<string name="backup_toast_storage_permissions">Storage permissions not granted</string>
|
||||||
|
<string name="backup_toast_openpgp_error">OpenPGP Error: %s</string>
|
||||||
|
<string name="backup_toast_openpgp_not_verified">No verified signature detected</string>
|
||||||
</resources>
|
</resources>
|
|
@ -12,7 +12,8 @@
|
||||||
|
|
||||||
<string name="settings_title_openpgp_provider">Select OpenPGP provider</string>
|
<string name="settings_title_openpgp_provider">Select OpenPGP provider</string>
|
||||||
<string name="settings_title_openpgp_keyid">Select OpenPGP key</string>
|
<string name="settings_title_openpgp_keyid">Select OpenPGP key</string>
|
||||||
<string name="settings_title_openpgp_sign">Sign encrypted backups?</string>
|
<string name="settings_title_openpgp_sign">Sign encrypted backups</string>
|
||||||
|
<string name="settings_title_openpgp_verify">Verify encrypted backups</string>
|
||||||
|
|
||||||
<!-- Descriptions -->
|
<!-- Descriptions -->
|
||||||
<string name="settings_desc_tap_to_reveal">If enabled the OTP token is hidden by default and has
|
<string name="settings_desc_tap_to_reveal">If enabled the OTP token is hidden by default and has
|
||||||
|
@ -25,9 +26,10 @@
|
||||||
<string name="settings_desc_auth_device_not_secure">This feature requires a secure lock screen
|
<string name="settings_desc_auth_device_not_secure">This feature requires a secure lock screen
|
||||||
to be set up (Settings -> Security -> Screenlock).</string>
|
to be set up (Settings -> Security -> Screenlock).</string>
|
||||||
|
|
||||||
<string name="settings_desc_openpgp_sign">Should the encrypted backups also be signed with your
|
<string name="settings_desc_openpgp_sign">Every encrypted backup is additionally signed with
|
||||||
key (requires password during each encryption)?
|
your key (requires password).</string>
|
||||||
</string>
|
<string name="settings_desc_openpgp_verify">Encrypted backups are only imported if they are
|
||||||
|
signed with a valid key.</string>
|
||||||
|
|
||||||
<!-- Keys -->
|
<!-- Keys -->
|
||||||
<string name="settings_key_tap_to_reveal" translatable="false">pref_tap_to_reveal</string>
|
<string name="settings_key_tap_to_reveal" translatable="false">pref_tap_to_reveal</string>
|
||||||
|
@ -36,5 +38,6 @@
|
||||||
<string name="settings_key_openpgp_provider">pref_openpgp_provider</string>
|
<string name="settings_key_openpgp_provider">pref_openpgp_provider</string>
|
||||||
<string name="settings_key_openpgp_keyid">pref_openpgp_keyid</string>
|
<string name="settings_key_openpgp_keyid">pref_openpgp_keyid</string>
|
||||||
<string name="settings_key_openpgp_sign">pref_openpgp_sign</string>
|
<string name="settings_key_openpgp_sign">pref_openpgp_sign</string>
|
||||||
|
<string name="settings_key_openpgp_verify">pref_openpgp_verify</string>
|
||||||
|
|
||||||
</resources>
|
</resources>
|
|
@ -35,6 +35,12 @@
|
||||||
android:summary="@string/settings_desc_openpgp_sign"
|
android:summary="@string/settings_desc_openpgp_sign"
|
||||||
android:defaultValue="false" />
|
android:defaultValue="false" />
|
||||||
|
|
||||||
|
<CheckBoxPreference
|
||||||
|
android:key="@string/settings_key_openpgp_verify"
|
||||||
|
android:title="@string/settings_title_openpgp_verify"
|
||||||
|
android:summary="@string/settings_desc_openpgp_verify"
|
||||||
|
android:defaultValue="false" />
|
||||||
|
|
||||||
</PreferenceCategory>
|
</PreferenceCategory>
|
||||||
|
|
||||||
</PreferenceScreen>
|
</PreferenceScreen>
|
Loading…
Reference in a new issue