Updated OpenPGP Security (markdown)

Dominik Schürmann 2015-03-12 15:16:22 +01:00
parent 96ac4c92a7
commit be7ab089f5
1 changed files with 3 additions and 1 deletions

@ -1,7 +1,9 @@
## Current OpenPGP security choices in OpenKeychain ## Keyserver Security
* All pre-configured keyservers use HKPS * All pre-configured keyservers use HKPS
* The default keyserver is hkps://hkps.pool.sks-keyservers.net using a pinned certificate (can be found in assets) * The default keyserver is hkps://hkps.pool.sks-keyservers.net using a pinned certificate (can be found in assets)
* When updating a key from a keyserver, the fingerprint of the downloaded key is checked to match the fingerprint of the existing key * When updating a key from a keyserver, the fingerprint of the downloaded key is checked to match the fingerprint of the existing key
## Current OpenPGP security choices in OpenKeychain
* We never generate v3 signatures, always v4 * We never generate v3 signatures, always v4
* We do not import v3 keys (https://github.com/coruus/cooperpair/tree/master/keysteak) * We do not import v3 keys (https://github.com/coruus/cooperpair/tree/master/keysteak)
* If a v4 key is imported with a long key id that already exists in the database, the import is canceled. (see https://github.com/coruus/cooperpair/tree/master/pgpv4 for test keys) * If a v4 key is imported with a long key id that already exists in the database, the import is canceled. (see https://github.com/coruus/cooperpair/tree/master/pgpv4 for test keys)
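Review bot: the pinned-certificate bullet that now sits under the new "## Keyserver Security" heading still only says "(can be found in assets)". Since keyserver handling gets its own section here, name the asset file and say whether the pin is on the server certificate or on the issuing CA, so a reader can verify it. The fingerprint-match bullet in the same section also does not say what happens on a mismatch, whereas the long key id bullet further down states "the import is canceled"; stating the outcome there as well would make the two consistent.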