Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

redwood: Relax requirements for decrypting messages #7000

Merged
merged 1 commit into from Oct 27, 2023
Merged

redwood: Relax requirements for decrypting messages #7000

merged 1 commit into from Oct 27, 2023

Conversation

legoktm
Copy link
Member

@legoktm legoktm commented Oct 12, 2023
edited by zenmonkeykstop

Status

Ready for review

Description of Changes

Even if a source key is no longer valid per policy, we still want them to be able to decrypt a previously valid message for them. We can also drop the revocation/expiry filters, which were mostly theoretical in the SecureDrop context anyways.

Fixes #6991.

Testing

  • Visual review & CI passes

Deployment

Any special considerations for deployment? No

Checklist

  • Linting (make lint) and tests (make test) pass in the development container

@legoktm legoktm marked this pull request as ready for review October 13, 2023 15:25
@legoktm legoktm requested a review from a team as a code owner October 13, 2023 15:25
@legoktm
redwood: Relax requirements for decrypting messages
3596bb0 
Even if a source key is no longer valid per policy, we still want them
to be able to decrypt a previously valid message for them. We can also
drop the revocation/expiry filters, which were mostly theoretical in the
SecureDrop context anyways.

We first try validating the key with the StandardPolicy before trying
again with a NullPolicy to avoid downgrade attacks. Since we now have
another type of policy being used, the constant has been renamed to
STANDARD_POLICY to be clearer what kind it is.

Fixes #6991.
@legoktm
Copy link
Member Author

legoktm commented Oct 27, 2023

(Rebased)

zenmonkeykstop
zenmonkeykstop approved these changes Oct 27, 2023
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM based on visual review and CI passing. Given that the policy remains in place for encryption keys this is consistent with our overall approach to the SHA-1 problem (allow decryption of old files, prevent encryption with weak keys going forward.).

@zenmonkeykstop zenmonkeykstop merged commit bf90206 into develop Oct 27, 2023
12 checks passed
@zenmonkeykstop zenmonkeykstop deleted the sequoia-decryption branch October 27, 2023 19:09
@zenmonkeykstop zenmonkeykstop mentioned this pull request Oct 27, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nwalfield nwalfield nwalfield left review comments

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

Assignees
No one assigned
Labels
None yet
Projects
SecureDrop dev cycle
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

It is (probably) okay to decrypt a message with a revoked, expired or weak key
3 participants
@legoktm @nwalfield @zenmonkeykstop