From be7ab089f50e29a1fecf789f7ca276be0296cb25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Thu, 12 Mar 2015 15:16:22 +0100 Subject: [PATCH] Updated OpenPGP Security (markdown) --- OpenPGP-Security.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/OpenPGP-Security.md b/OpenPGP-Security.md index 06aa602..5aed7ce 100644 --- a/OpenPGP-Security.md +++ b/OpenPGP-Security.md @@ -1,7 +1,9 @@ -## Current OpenPGP security choices in OpenKeychain +## Keyserver Security * All pre-configured keyservers use HKPS * The default keyserver is hkps://hkps.pool.sks-keyservers.net using a pinned certificate (can be found in assets) * When updating a key from a keyserver, the fingerprint of the downloaded key is checked to match the fingerprint of the existing key + +## Current OpenPGP security choices in OpenKeychain * We never generate v3 signatures, always v4 * We do not import v3 keys (https://github.com/coruus/cooperpair/tree/master/keysteak) * If a v4 key is imported with a long key id that already exists in the database, the import is canceled. (see https://github.com/coruus/cooperpair/tree/master/pgpv4 for test keys)
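Review bot: In the new "## Keyserver Security" section, the third bullet says the fingerprint of the downloaded key "is checked to match the fingerprint of the existing key" but does not say what happens when it does not match. State the outcome explicitly, the way the long key id bullet further down does with "the import is canceled", so a reader can tell whether a mismatching key is dropped or only flagged. The bullet also covers only "updating a key", so it would help to add a line on whether the first download of a key from a keyserver gets any comparable check. On the pinned certificate bullet, "can be found in assets" would be easier to verify if it named the file. As a style point, the new heading uses title case ("Keyserver Security") while the heading it now sits above uses sentence case ("Current OpenPGP security choices in OpenKeychain"); pick one.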