Mirrors
/
open-keychain
mirror of https://github.com/open-keychain/open-keychain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated App Security (markdown)

Dominik Schürmann 2015-07-08 13:43:29 +02:00
parent 3c60341419
commit d2d827a397
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
App-Security.md

@ -21,6 +21,13 @@ From ``./lint --show AllowBackup``:
* The only argument, I can think of is protecting against root apps dumping the database and then gaining access to all public keys and thus a nice social graph, but hey, there are easier ways to get that information, maybe simply dumping the address database ;)
* SQLCipher makes sense for apps such as TextSecure or Threema to protect the **decrypted** messages, but OpenKeychain does not store anything besides keys.
### Anyone can delete my secret keys!
Yes.
* Anyone can simply delete the app data from Android OS without a passphrase
* Asking for a passphrase before delete would prevent you from deleting keys where you forgot your passphrase
### Why ask for passphrase when exporting?
It is not required cryptographically, but prevents simple stealing of your keys.
### So how to backup/synchronize keys?
* Synchronize public keys with keyservers -> you achieve the same certifications on all modern OpenPGP clients