Updated App Security (markdown)

dschuermann 2014-10-22 14:10:21 -07:00
parent 8a060f7356
commit c367db14ea
1 changed files with 2 additions and 2 deletions

@ -16,10 +16,10 @@ From ``./lint --show AllowBackup``:
### Why is OpenKeychain's database not encrypted?
* Public keys are public, why encrypt them?
* Secret keys contains private values in encrypted format, see above
* Secret keys contains private values in encrypted format, see above, encrypting them "again" on top of the encrypted private values makes no sense
* We could use [SQLCipher](https://guardianproject.info/code/sqlcipher/), but I am unsure what attack scenarios this would prevent:
* Other apps already cannot access Openkeychain's stored data, this is enforced by Android's sandboxing
* If a malicious app executes an exploit and gains root access, again: It can access the stored but encrypted secret keys, getting the private values requires reading the memory, this attack is not prevented by encrypting the database "again" on top of the encrypted private values.
* If a malicious app executes an exploit and gains root access, again: It can access the stored but encrypted secret keys, getting the private values requires reading the memory, this attack is not prevented by encrypting the database as they are in memory.
* We would require another password for unlocking the SQLCipher database, so more inconvenience
* The only argument, I can think of is protecting against root apps dumping the database and then gaining access to all public keys and thus a nice social graph, but hey, there are easier ways to get that information, maybe simply dumping the address database ;)
* SQLCipher makes sense for apps such as TextSecure or Threema to protect the **decrypted** messages, but OpenKeychain does not store anything besides keys.
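
Review bot: In the reworded root-access bullet, "this attack is not prevented by encrypting the database as they are in memory" has no clear antecedent for "they", so it reads as if the database is what sits in memory. The reasoning in the bullet is that the private values are only exposed once they are decrypted in memory, which is where database encryption does not reach. Suggest saying that directly, for example "encrypting the database does not prevent this attack, because the decrypted private values are read from memory, not from the database". In the reworded secret-keys bullet, "Secret keys contains" should be "Secret keys contain", and the clause added after "see above" is a comma splice; a full stop or semicolon before "encrypting them "again"" would read better. The unchanged context line also spells the name "Openkeychain's", while the heading uses "OpenKeychain's".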