2021-10-07 15:48:52 +02:00
|
|
|
<!--
|
|
|
|
SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
|
|
|
|
|
|
|
|
SPDX-License-Identifier: Apache-2.0
|
|
|
|
-->
|
|
|
|
|
2021-07-17 00:27:58 +02:00
|
|
|
# PGPainless-Core
|
|
|
|
|
2021-12-03 13:07:38 +01:00
|
|
|
Wrapper around Bouncycastle's OpenPGP implementation.
|
|
|
|
|
|
|
|
## Protection Against Attacks
|
|
|
|
|
2021-12-03 14:20:36 +01:00
|
|
|
PGPainless aims to fulfill the primary goals of cryptography:
|
2021-12-03 13:07:38 +01:00
|
|
|
* Confidentiality through message encryption
|
|
|
|
* Authenticity through signatures
|
|
|
|
* Integrity through the use of Modification Detection Code and again signatures
|
|
|
|
|
|
|
|
In short: Communication protected using PGPainless is intended to be private,
|
|
|
|
users can verify that messages they receive were really send by their communication peer
|
|
|
|
and users can verify that messages have not been tampered with.
|
|
|
|
|
2021-12-28 13:53:25 +01:00
|
|
|
This is being achieved by preventing a number of typical attacks on the user's communication,
|
2021-12-03 13:07:38 +01:00
|
|
|
like the attacker introducing an evil subkey to the victims public key, or the attacker creating
|
|
|
|
counterfeit signatures to fool the victim.
|
|
|
|
|
|
|
|
Due to its nature as a library however, it does not make sense to set up defences against all possible
|
|
|
|
attack types (see below).
|
|
|
|
So here is a threat model that best applies to PGPainless.
|
|
|
|
|
|
|
|
### Threat Model
|
|
|
|
A threat model that makes the most sense for PGPainless would be an evil attacker using PGPainless
|
|
|
|
through a benign client application (like an email app) on a trustworthy device.
|
|
|
|
|
|
|
|
The attacker can try to feed the application malicious input (like manipulated public key updates,
|
|
|
|
specially crafted PGP message objects etc.) but they cannot access the victims decrypted secret key material as
|
2021-12-28 13:53:25 +01:00
|
|
|
it is protected by the device (e.g. stored in a secure key store).
|
2021-12-03 13:07:38 +01:00
|
|
|
|
|
|
|
### What doesn't PGPainless Protect Against?
|
|
|
|
|
|
|
|
#### Brute Force Attacks
|
|
|
|
It was decided that protection against brute force attacks on passwords used in symmetric encryption
|
|
|
|
(password encrypted messages/keys) are out of scope for PGPainless.
|
|
|
|
PGPainless cannot limit access to the ciphertext that is being brute forced, as that is provided by
|
|
|
|
the application that uses PGPainless.
|
|
|
|
Therefore, protection against brute force attacks must be employed by the application itself.
|
2021-12-13 13:21:18 +01:00
|
|
|
|
|
|
|
#### (Public) Key Modification Attacks
|
|
|
|
As a library, PGPainless cannot protect against swapped out public keys.
|
|
|
|
It is therefore responsibility of the consumer to ensure that an attacker on the same system cannot tamper with stored keys.
|
|
|
|
It is highly advised to store both secret and public keys in a secure key storage which protects against modifications.
|
|
|
|
|
|
|
|
Furthermore, PGPainless cannot verify key authenticity, so it is up to the application that uses PGPainless to check,
|
|
|
|
if a key really belongs to a certain user.
|