Add option to only accept signed backups

Jakob Nixdorf 2017-07-14 14:44:55 +02:00
parent 505db3946e
commit 7097f350bb
No known key found for this signature in database
GPG key ID: BE99BF86574A7DBC
4 changed files with 40 additions and 22 deletions


@ -25,6 +25,7 @@ import android.widget.TextView;
import android.widget.Toast; import android.widget.Toast;
import org.openintents.openpgp.OpenPgpError; import org.openintents.openpgp.OpenPgpError;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.openintents.openpgp.util.OpenPgpApi; import org.openintents.openpgp.util.OpenPgpApi;
import org.openintents.openpgp.util.OpenPgpServiceConnection; import org.openintents.openpgp.util.OpenPgpServiceConnection;
@ -404,29 +405,35 @@ public class BackupActivity extends AppCompatActivity {
} }
} }
public String outputStreamToString(ByteArrayOutputStream os) {
String string = "";
try {
string = os.toString("UTF-8");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return string;
}
public void handleOpenPGPResult(Intent result, ByteArrayOutputStream os, Uri file, int requestCode) { public void handleOpenPGPResult(Intent result, ByteArrayOutputStream os, Uri file, int requestCode) {
if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_SUCCESS) { if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_SUCCESS) {
if (requestCode == INTENT_ENCRYPT) { if (requestCode == INTENT_ENCRYPT) {
if (os != null) { if (os != null)
String encrypted = ""; doExportEncrypted(file, outputStreamToString(os));
try {
encrypted = os.toString("UTF-8");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
doExportEncrypted(file, encrypted);
}
} else if (requestCode == INTENT_DECRYPT) { } else if (requestCode == INTENT_DECRYPT) {
if (os != null) { if (os != null) {
String decrypted = ""; if (settings.getBoolean(getString(R.string.settings_key_openpgp_verify), false)) {
try { OpenPgpSignatureResult sigResult = result.getParcelableExtra(OpenPgpApi.RESULT_SIGNATURE);
decrypted = os.toString("UTF-8");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
doImportEncrypted(decrypted); if (sigResult.getResult() == OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED) {
doImportEncrypted(outputStreamToString(os));
} else {
Toast.makeText(this, R.string.backup_toast_openpgp_not_verified, Toast.LENGTH_LONG).show();
}
} else {
doImportEncrypted(outputStreamToString(os));
}
} }
} }
} else if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED) { } else if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED) {
@ -446,7 +453,7 @@ public class BackupActivity extends AppCompatActivity {
} }
} else if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_ERROR) { } else if (result.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR) == OpenPgpApi.RESULT_CODE_ERROR) {
OpenPgpError error = result.getParcelableExtra(OpenPgpApi.RESULT_ERROR); OpenPgpError error = result.getParcelableExtra(OpenPgpApi.RESULT_ERROR);
Toast.makeText(this, "OpenPGP Error: " + error.getMessage(), Toast.LENGTH_LONG).show(); Toast.makeText(this, String.format(getString(R.string.backup_toast_openpgp_error), error.getMessage()), Toast.LENGTH_LONG).show();
} }
} }
} }
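Review bot: In the INTENT_DECRYPT branch of handleOpenPGPResult, the check `sigResult.getResult() == OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED` says the signature verifies against some confirmed key known to the provider, not that it was made by the key the user selected for backups. If the option is meant to accept only the user's own backups, the signer should also be compared with the configured key, for example `sigResult.getKeyId()` against the value stored under `settings_key_openpgp_keyid` (how that preference is stored is not visible on this page). Separately, `getParcelableExtra(OpenPgpApi.RESULT_SIGNATURE)` returns null when the extra is absent, and the next line would then throw. Writing the guard as `if (sigResult != null && sigResult.getResult() == OpenPgpSignatureResult.RESULT_VALID_KEY_CONFIRMED)` keeps that case on the rejecting path. Part of the method body lies between the two hunks and is not shown.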


@ -36,4 +36,6 @@
<string name="backup_toast_import_failed">Import from external storage failed</string> <string name="backup_toast_import_failed">Import from external storage failed</string>
<string name="backup_toast_storage_not_accessible">External storage currently not accessible</string> <string name="backup_toast_storage_not_accessible">External storage currently not accessible</string>
<string name="backup_toast_storage_permissions">Storage permissions not granted</string> <string name="backup_toast_storage_permissions">Storage permissions not granted</string>
<string name="backup_toast_openpgp_error">OpenPGP Error: %s</string>
<string name="backup_toast_openpgp_not_verified">No verified signature detected</string>
</resources> </resources>


@ -12,7 +12,8 @@
<string name="settings_title_openpgp_provider">Select OpenPGP provider</string> <string name="settings_title_openpgp_provider">Select OpenPGP provider</string>
<string name="settings_title_openpgp_keyid">Select OpenPGP key</string> <string name="settings_title_openpgp_keyid">Select OpenPGP key</string>
<string name="settings_title_openpgp_sign">Sign encrypted backups?</string> <string name="settings_title_openpgp_sign">Sign encrypted backups</string>
<string name="settings_title_openpgp_verify">Verify encrypted backups</string>
<!-- Descriptions --> <!-- Descriptions -->
<string name="settings_desc_tap_to_reveal">If enabled the OTP token is hidden by default and has <string name="settings_desc_tap_to_reveal">If enabled the OTP token is hidden by default and has
@ -25,9 +26,10 @@
<string name="settings_desc_auth_device_not_secure">This feature requires a secure lock screen <string name="settings_desc_auth_device_not_secure">This feature requires a secure lock screen
to be set up (Settings -> Security -> Screenlock).</string> to be set up (Settings -> Security -> Screenlock).</string>
<string name="settings_desc_openpgp_sign">Should the encrypted backups also be signed with your <string name="settings_desc_openpgp_sign">Every encrypted backup is additionally signed with
key (requires password during each encryption)? your key (requires password).</string>
</string> <string name="settings_desc_openpgp_verify">Encrypted backups are only imported if they are
signed with a valid key.</string>
<!-- Keys --> <!-- Keys -->
<string name="settings_key_tap_to_reveal" translatable="false">pref_tap_to_reveal</string> <string name="settings_key_tap_to_reveal" translatable="false">pref_tap_to_reveal</string>
@ -36,5 +38,6 @@
<string name="settings_key_openpgp_provider">pref_openpgp_provider</string> <string name="settings_key_openpgp_provider">pref_openpgp_provider</string>
<string name="settings_key_openpgp_keyid">pref_openpgp_keyid</string> <string name="settings_key_openpgp_keyid">pref_openpgp_keyid</string>
<string name="settings_key_openpgp_sign">pref_openpgp_sign</string> <string name="settings_key_openpgp_sign">pref_openpgp_sign</string>
<string name="settings_key_openpgp_verify">pref_openpgp_verify</string>
</resources> </resources>


@ -35,6 +35,12 @@
android:summary="@string/settings_desc_openpgp_sign" android:summary="@string/settings_desc_openpgp_sign"
android:defaultValue="false" /> android:defaultValue="false" />
<CheckBoxPreference
android:key="@string/settings_key_openpgp_verify"
android:title="@string/settings_title_openpgp_verify"
android:summary="@string/settings_desc_openpgp_verify"
android:defaultValue="false" />
</PreferenceCategory> </PreferenceCategory>
</PreferenceScreen> </PreferenceScreen>
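Review bot: `android:defaultValue="false"` on the new verify preference means encrypted imports remain unauthenticated unless the user opts in. OpenPGP encryption needs only the recipient's public key, so the signature is the only thing that ties a backup to its author. The summary string `settings_desc_openpgp_verify` should say what happens while the option is off, for example by adding `If disabled, unsigned backups are imported as well.` The preference also has no visible link to the provider or key settings, so it is worth checking what the import path does when verify is enabled but no provider is configured.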