diff options
author | NavaL <ayoyo@thoughtworks.com> | 2016-11-29 19:28:52 +0100 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2017-12-03 20:43:33 +0100 |
commit | 026de868a3f301abea2671dfd7d858e73f3bb755 (patch) | |
tree | bae67987207b22fabc103d6dd2d380473f00b2f3 /src | |
parent | 1986316b7150a91798baea35e4b7507c3f4a337d (diff) |
[feat] expired public key are remotely fetched if expired
- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (ie different KeyID), the validation
rule applies
Diffstat (limited to 'src')
-rw-r--r-- | src/leap/bitmask/keymanager/__init__.py | 5 | ||||
-rw-r--r-- | src/leap/bitmask/keymanager/keys.py | 2 | ||||
-rw-r--r-- | src/leap/bitmask/keymanager/openpgp.py | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py index 6eeaecc9..2014524f 100644 --- a/src/leap/bitmask/keymanager/__init__.py +++ b/src/leap/bitmask/keymanager/__init__.py @@ -210,7 +210,7 @@ class KeyManager(object): @defer.inlineCallbacks def get_inactive_private_keys(self): """ - Return all inactive private keys bound to address, that can are + Return all inactive private keys bound to address, that are stored locally. This can be used to attempt decryption from multiple keys. @@ -494,7 +494,8 @@ class KeyManager(object): """ Decrypt data using private key from address and verify with public key bound to verify address. If the decryption using the active private - key fails, then decription using the inactive key, if any, is tried. + key fails, then decryption with inactive keys, if any, is recursively + tried. :param data: The data to be decrypted. :type data: str diff --git a/src/leap/bitmask/keymanager/keys.py b/src/leap/bitmask/keymanager/keys.py index 4a3aa403..6c0c64ff 100644 --- a/src/leap/bitmask/keymanager/keys.py +++ b/src/leap/bitmask/keymanager/keys.py @@ -330,7 +330,7 @@ class OpenPGPKey(object): def needs_renewal(self, pre_expiration_threshold=DEFAULT_THRESHOLD): """ Indicates if the key is inside the renewal period. For ease of - transition keys should be renewed before they expire. + transition keys should be renewed/extended before they expire. :param pre_expiration_threshold: the amount of days before expiry date whereby the key should be renewed -- default value is 60 days diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py index a856ee06..984e1e68 100644 --- a/src/leap/bitmask/keymanager/openpgp.py +++ b/src/leap/bitmask/keymanager/openpgp.py @@ -590,7 +590,7 @@ class OpenPGPScheme(object): Reset sign_used flag for all keys in storage, to False... to indicate that the key pair has not interacted with all keys in the key ring yet. - This should only be used when regenerating the key pair. + This should only be used when regenerating/extending the key pair. """ all_keys = yield self.get_all_keys(private=False) |