From fb0908ffd10760f04a7d7b55ca4b82110ebe66c5 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 5 Sep 2022 13:46:12 +0200 Subject: [PATCH] Add explanation for secret key protector hint to documentation --- docs/source/pgpainless-core/passphrase.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/source/pgpainless-core/passphrase.md b/docs/source/pgpainless-core/passphrase.md index 2c370006..3127ab25 100644 --- a/docs/source/pgpainless-core/passphrase.md +++ b/docs/source/pgpainless-core/passphrase.md @@ -81,6 +81,7 @@ unlikely in this key-space. Furthermore, multiple OpenPGP keys could contain the same subkey, but with different passphrases set. If the same `SecretKeyRingProtector` is used for two OpenPGP keys with the same subkey, but different passwords, the key-id collision will cause the password to be overwritten for one of the keys, which might result in issues. +See `FLO-04-004 WP2` of the [2021 security audit](https://cure53.de/pentest-report_pgpainless.pdf) for more details. ::: Most `SecretKeyRingProtector` implementations can be instantiated with custom `KeyRingProtectionSettings`.