Updated App Security (markdown)

dschuermann 2014-10-09 06:58:02 -07:00
parent 93c52e5d03
commit 79929af4ba
1 changed files with 5 additions and 0 deletions

@ -17,6 +17,11 @@ From ``./lint --show AllowBackup``:
### Why is OpenKeychain's database not encrypted? ### Why is OpenKeychain's database not encrypted?
* Public keys are public, why encrypt them? * Public keys are public, why encrypt them?
* The private parts of the secret keys are [already encrypted using a passphrase](http://tools.ietf.org/html/rfc4880#section-5.5.3). They are only decrypted/"unlocked" in-memory in OpenKeychain when used. * The private parts of the secret keys are [already encrypted using a passphrase](http://tools.ietf.org/html/rfc4880#section-5.5.3). They are only decrypted/"unlocked" in-memory in OpenKeychain when used.
* We could use [SQLCipher](https://guardianproject.info/code/sqlcipher/), but I am unsure what attack scenarios this would prevent:
* Other apps already cannot access Openkeychain's data, this is enforced by Android's sandboxing
* If a malicious app executes an exploit and gains root access, it could also get the secret keys by reading OpenKeychain's memory
* We would require another password for unlocking the SQLCipher database, so more inconvenience
### So how to backup/synchronize keys? ### So how to backup/synchronize keys?
* Synchronize public keys with keyservers -> you achieve the same certifications on all good OpenPGP clients * Synchronize public keys with keyservers -> you achieve the same certifications on all good OpenPGP clients
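Review bot: the list added under "I am unsure what attack scenarios this would prevent:" only considers on-device attackers (another app, a root exploit) and leaves out offline access to the database file, for example a lost or seized device whose storage is not encrypted. In that case the secret key material is still passphrase-protected, as the bullet above states, but the stored public keys and the user IDs they carry are readable, so the section should say explicitly whether that metadata exposure is considered acceptable. The sub-point "We would require another password for unlocking the SQLCipher database" is a usability cost, not an attack scenario, and would read better as its own bullet. The root-access point could note that memory holds decrypted keys only while they are unlocked, which is what the preceding bullet says. "Openkeychain" in the sandboxing bullet should be spelled "OpenKeychain" as in the surrounding lines.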