diff --git a/OpenPGP-Security.md b/OpenPGP-Security.md index 8bfb091..254e813 100644 --- a/OpenPGP-Security.md +++ b/OpenPGP-Security.md 
@@ -1,21 +1,14 @@ -## Keyserver Security -* All pre-configured keyservers use HKPS -* The default keyserver is hkps://hkps.pool.sks-keyservers.net using a pinned certificate (can be found in assets) -* When updating a key from a keyserver, the fingerprint of the downloaded key is checked to match the fingerprint of the existing key - ## OpenPGP Security Choices * We never generate v3 signatures, always v4 * We do not import v3 keys (https://github.com/coruus/cooperpair/tree/master/keysteak) * If a v4 key is imported with a long key id that already exists in the database, the import is canceled. (see https://github.com/coruus/cooperpair/tree/master/pgpv4 for test keys) -* We never use MD5 for generating signatures -* No verification of signatures with MD5 hashes -* Sensible list of [allowed hash algorithms, symmetric encryption algorithms](https://github.com/open-keychain/open-keychain/blob/master/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java) -* Sensible key generation defaults: SHA-256 with AES-256 where possible, preferred ciphers up to date +* Whitelist of ciphers, whitelist of hash algorithms, minimum key requirements, and cipher/hash/key defaults can be found in [PgpConstants](https://github.com/open-keychain/open-keychain/blob/master/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java). +* We explicitly don't honor the preferred algorithms indicated by imported public keys to prevent fallback attacks (see coruus comments). -### ToDo? -Show warning on... 
-* We still verify v3 signatures -* signatures with RSA 1024 +## Keyserver Security +* All pre-configured keyservers use HKPS +* The default keyserver is hkps://hkps.pool.sks-keyservers.net using a pinned certificate (can be found in assets) +* When updating a key from a keyserver, the fingerprint of the downloaded key is checked to match the fingerprint of the existing key ## Version Header in ASCII Armor We don't include a version header in ASCII Armored OpenPGP packets as defined in [RFC4880](http://tools.ietf.org/html/rfc4880#page-56).
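Review bot: the removed "### ToDo?" block was the only place that recorded "We still verify v3 signatures" and listed "signatures with RSA 1024" as cases that should show a warning, and none of the added lines says whether either has changed. The "minimum key requirements" in the new PgpConstants bullet may cover the RSA 1024 case, but v3 signature verification is not mentioned anywhere after this change. Either state the current behaviour under "OpenPGP Security Choices" or keep the item. The same concern applies to the two removed MD5 bullets: the page no longer says in words that MD5 is rejected for both generating and verifying signatures, so a reader has to open the Java source to confirm it. One line naming MD5 next to the PgpConstants link would keep that guarantee visible. Also, "(see coruus comments)" in the added preferred-algorithms bullet has no URL, unlike the other two coruus references in this section, so link the comments it refers to.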