keymanager: sanitize keys and harden against malicious key content
As said on platform#8661 there's some keys out there that try to exploid OpenPgp implementations in various ways.
We can try and reduce the attack surface by:
-
performing sanity checks on the keydata we import -
checking if the OpenPgp implementations we use have been checked for exploids (fuzzing etc.) -
figure out known attacks on pgp implementations and see if they affect us. -
keeping track of which key to use for what and using temporary keyrings.
I think we already do the last point. I'll also add sanity checks in the webapp on key upload and in nickserver... security in depth is the goal i guess. So let's not rely on these but still have checks in the client.