Opened 4 years ago

#57 new task

Signed and encrypted config files

Reported by: Silvio Rhatto Owned by: Silvio Rhatto
Priority: major Milestone: hardened
Component: security Version: 2.0.0
Keywords: Cc:

Description

Setup signed and optionally encrypted files for recipients, options, etc.

Consider if keyringer should sign all recipients and check if the OpenPGP signature made in the recipient file matches one of the OpenPGP fingerprints stored inside the recipient.

Also, consider encrypting a recipient just to the listed OpenPGP fingerprints.

While this doesn't guarantee that an attacker having write access to a repository cannot sneak an OpenPGP fingerprint inside a recipient file, it's an additional check.

Maybe some other complex signature chain check could be built to ensure recipient files were not tampered with.
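The check proposed above (a signed recipient file is accepted only if the signing key's fingerprint is one of the fingerprints listed in that file) and the "encrypt only to the listed fingerprints" idea, as an added shell example that is not keyringer's own code. It assumes a recipient file format of one `<email> <40-hex-fingerprint>` per line with `#` comments, parses gpg's documented `[GNUPG:] VALIDSIG` status line, and only builds the encrypt command rather than running it; the sample recipient file and status output at the bottom are constructed, not taken from any real keyring.

```shell
#!/bin/sh
# Added example (not keyringer's code). Assumed recipient format:
#   <email> <40-hex-fingerprint>     ('#' starts a comment)
# Status parsing follows gpg's "[GNUPG:] VALIDSIG ..." line (doc/DETAILS):
# field 3 is the signing key fingerprint, field 12 (if present) the primary.

# Print the fingerprints listed in a recipient file, upper-cased, one per line.
listed_fingerprints() {
    sed 's/#.*//' "$1" |
    awk 'NF >= 2 && length($NF) == 40 && $NF ~ /^[0-9A-Fa-f]+$/ { print toupper($NF) }'
}

# Read gpg --status-fd output on stdin; print the signing key fingerprint and,
# when gpg reports it, the primary key fingerprint. Prints nothing if gpg did
# not report a VALIDSIG (bad signature, unknown key, no signature at all).
validsig_fingerprints() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            print toupper($3)
            if (NF >= 12 && toupper($NF) != toupper($3)) print toupper($NF)
         }'
}

# Usage: signer_is_listed <status-file> <recipient-file>
# Succeeds only if a valid signature was made by a key (or a subkey of a key)
# whose fingerprint is listed in the recipient file; a valid signature from
# an unlisted key is rejected just like an invalid one.
signer_is_listed() {
    status="$1"; recipients="$2"
    signers=$(validsig_fingerprints < "$status")
    [ -n "$signers" ] || return 1
    for fpr in $signers; do
        listed_fingerprints "$recipients" | grep -qx "$fpr" && return 0
    done
    return 1
}

# Usage: verify_recipient_file <recipient-file> [<detached-signature>]
# Runs gpg (needs it on PATH) and applies signer_is_listed to its status output.
verify_recipient_file() {
    recipients="$1"; sig="${2:-$1.asc}"
    status=$(mktemp) || return 1
    gpg --batch --status-fd 1 --verify "$sig" "$recipients" > "$status" 2>/dev/null || true
    signer_is_listed "$status" "$recipients"; rc=$?
    rm -f "$status"
    return $rc
}

# Print the gpg command that would encrypt the recipient file only to the
# fingerprints it lists (full fingerprints are used as recipient ids).
encrypt_command() {
    printf 'gpg --batch --encrypt'
    listed_fingerprints "$1" | while read -r fpr; do printf ' -r %s' "$fpr"; done
    printf ' %s\n' "$1"
}

# --- constructed demo input (hypothetical fingerprints, no real keys) ---
demo=$(mktemp -d)
cat > "$demo/recipients" <<'EOF'
# recipient file (format assumed above)
alice@example.org 0123456789ABCDEF0123456789ABCDEF01234567
bob@example.org   89ABCDEF0123456789ABCDEF0123456789ABCDEF
EOF
# status output as gpg would emit it for a valid signature by Alice's key
cat > "$demo/status.alice" <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Alice <alice@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2023-01-01 1672531200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
# ... and for a valid signature by a key that is not in the recipient list
cat > "$demo/status.other" <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG FEDCBA9876543210 Other <other@example.org>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2023-01-01 1672531200 0 4 0 1 10 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98
EOF

signer_is_listed "$demo/status.alice" "$demo/recipients" && echo "alice: accepted (listed signer)"
signer_is_listed "$demo/status.other" "$demo/recipients" || echo "other: rejected (valid signature, unlisted key)"
encrypt_command "$demo/recipients"
rm -rf "$demo"
```

As the ticket notes, this is only an additional check: someone with write access to the repository can add their own fingerprint to the recipient file and then sign it, so the decision here is deliberately kept separate from whatever stronger out-of-band trust check keyringer may add later.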
