From 026de868a3f301abea2671dfd7d858e73f3bb755 Mon Sep 17 00:00:00 2001
From: NavaL <ayoyo@thoughtworks.com>
Date: Tue, 29 Nov 2016 19:28:52 +0100
Subject: [feat] expired public key are remotely fetched if expired

- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (ie different KeyID), the validation
  rule applies
---
 src/leap/bitmask/keymanager/__init__.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src/leap/bitmask/keymanager/__init__.py')

diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py
index 6eeaecc9..2014524f 100644
--- a/src/leap/bitmask/keymanager/__init__.py
+++ b/src/leap/bitmask/keymanager/__init__.py
@@ -210,7 +210,7 @@ class KeyManager(object):
     @defer.inlineCallbacks
     def get_inactive_private_keys(self):
         """
-        Return all inactive private keys bound to address, that can are
+        Return all inactive private keys bound to address, that are
         stored locally.
         This can be used to attempt decryption from multiple keys.
 
@@ -494,7 +494,8 @@ class KeyManager(object):
         """
         Decrypt data using private key from address and verify with public key
         bound to verify address. If the decryption using the active private
-        key fails, then decription using the inactive key, if any, is tried.
+        key fails, then decryption with inactive keys, if any, is recursively
+        tried.
 
         :param data: The data to be decrypted.
         :type data: str
-- 
cgit v1.2.3