Missing private key packets validation when importing/retrieving private key

[martgil]

FlowCrypt recently received a security report where a bad private key is not getting blocked when importing/retrieving the private key. eg retrieving the key from backup (inbox), importing a private key file.

Sample bad private key:
corrupted-rsa-key.asc.txt

Steps to reproduce:

1. The easiest way to reproduce it is by importing the private key file from the app.

error message from gpg:

For reference of how this issue gets fixed on the browser extension, please see FlowCrypt/flowcrypt-browser#4271.

Impact:
As stated from the original email:

In particular, given that encrypting the private key only encrypts (and authenticates) the private key parameters, but not the public key parameters, an attacker could overwrite the public key. This can lead to various vulnerabilities, and we realized some of these vulnerabilities might be applicable to FlowCrypt.

[martgil]

For Android, ping IvanPizhenko so that he can maybe create a test case for Paul to look at.

@IvanPizhenko ping as per request 😅

[IvanPizhenko]

@vanitasvitae Please have a look at this. The question is - is there any ways in PGPainless to validate private key? At the moment, attempt to read invalid private key attached above by @martgil succeeds. They've fixed this issue in the Flowcrypt Browser Extension (see FlowCrypt/flowcrypt-browser#4271). Is there something similar in PGPainless? We'd like PGPainless to have such key validation and utilize it in this and other FlowCrypt applications.

[vanitasvitae]

There is some basic validation being done whenever the secret key is unlocked.

So you might already have success with UnlockSecretKey.unlockSecretKey(secretKey, protector) for each (sub)key after parsing the key ring which will throw a KeyIntegrityException for broken keys.

[IvanPizhenko]

There is some basic validation being done whenever the secret key is unlocked.

So you might already have success with UnlockSecretKey.unlockSecretKey(secretKey, protector) for each (sub)key after parsing the key ring which will throw a KeyIntegrityException for broken keys.

Thanks @vanitasvitae, I've tried it and seems to work, at least for the mentioned above malformed key.

[IvanPizhenko]

@DenBond7 Please look at #1676. I've written a function that will validate secret keys and test for it. Now I think I should handover this to you to properly integrate into application.

[DenBond7]