decryption of non-MDC-protected messages is now prevented for older v…

…ersions of GnuPG that set the return code to 0

CHANGELOG.md

@@ -1,3 +1,8 @@
+# 0.12b0 (2018-06-22)
+
+* decryption of non-MDC-protected messages is now prevented for older versions of GnuPG that set the return code to 0
+* force GnuPG to produce English output as we have to check it against a predefined string
+
 # 0.11b0 (2017-08-10)
 
 * version bump for legacy-less publication on github

README.md

@@ -68,13 +68,13 @@ server {
 
 Furthermore the following HTTP headers have to be set (Nginx example):
 ```
-add_header Content-Security-Policy   "default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
+add_header Content-Security-Policy   "base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
 add_header Referrer-Policy           "same-origin";
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
-add_header X-Content-Security-Policy "default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
+add_header X-Content-Security-Policy "base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
 add_header X-Content-Type-Options    "nosniff";
 add_header X-Frame-Options           "SAMEORIGIN";
-add_header X-Webkit-CSP              "default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
+add_header X-Webkit-CSP              "base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
 add_header X-XSS-Protection          "1; mode=block";
 ```
 

index.php

@@ -1,8 +1,8 @@
 <?php
 
-  # Shared-Secrets v0.11b0
+  # Shared-Secrets v0.12b0
   #
-  # Copyright (c) 2016, SysEleven GmbH
+  # Copyright (c) 2016-2018, SysEleven GmbH
   # All rights reserved.
   #
   # This page allows you to share a secret through a secret sharing link.

libs/shared-secrets.def.php

@@ -14,6 +14,9 @@
   define("URL_BASE64_MARKER_B", "_");
   define("URL_ENCODE_MARKER",   "%");
 
+  # define GnuPG error message
+  define("GPG_MDC_ERROR", "gpg: WARNING: message was not integrity protected");
+
   # define MySQL queries
   define("MYSQL_READ",  "SELECT COUNT(*) FROM secrets WHERE fingerprint = ?");
   define("MYSQL_WRITE", "INSERT INTO secrets VALUES (?, ?, CURRENT_TIMESTAMP)");

libs/shared-secrets.exec.php

@@ -108,12 +108,16 @@ function decrypt($content, $homedir, $passphrase_file) {
         $cmd_append .= " --batch --passphrase-file ".escapeshellarg($passphrase_file);
       }
 
-      $ret = execute_with_stdio("gpg --quiet --keyid-format LONG --no-tty ".$cmd_append." --output - --decrypt -",
+      $ret = execute_with_stdio("LANG=en gpg --quiet --keyid-format LONG --no-tty ".$cmd_append." --output - --decrypt -",
                                 $content,
                                 $stdout,
                                 $stderr);
       if (0 === $ret) {
-        $result = $stdout;
+        # check that the decrypted message has been integrity-protected,
+        # older versions of GnuPG set the return code to 0 when this warning occurs 
+        if (false === stripos($stderr, GPG_MDC_ERROR)) {
+          $result = $stdout;
+        }
       }
     }
 
@@ -170,7 +174,7 @@ function encrypt($content, $recipient, $homedir) {
         $cmd_append .= " --homedir ".escapeshellarg($homedir);
       }
 
-      $ret = execute_with_stdio("gpg --quiet --keyid-format LONG --no-tty --recipient ".escapeshellarg($recipient)." --trust-model always --yes ".$cmd_append." --output - --encrypt -",
+      $ret = execute_with_stdio("LANG=en gpg --quiet --keyid-format LONG --no-tty --recipient ".escapeshellarg($recipient)." --trust-model always --yes ".$cmd_append." --output - --encrypt -",
                                 $content,
                                 $stdout,
                                 $stderr);