[guardian-dev] A critique of ProofMode

Dominik Schuermann dominik at dominikschuermann.de
Tue Mar 7 11:30:12 EST 2017


> 
> - Storing the key in a way that can't be exported from the device, even
> if rooted. I've been looking at the KeyChain API for this. Has anyone
> had experience storing app generated key data in this way?

FYI: https://doridori.github.io/android-security-the-forgetful-keystore/

In OpenKeychain we haven't done this due to usability concerns:
https://github.com/open-keychain/open-keychain/issues/1642

> 
> - Notarizing the key on a special cloud service (or keybase.io perhaps)
> to ensure it came from the actual ProofMode app and not a random PGP
> command line... again, any thoughts on somehow tagging the origins of a
> key to a specific instance or hardware?

OpenKeychain supports Linked Identities to link keys to Twitter/GitHub
etc. An alternative approach to keybase.io. We also wrote Linked
Identities down as Internet Drafts:

http://tools.ietf.org/html/draft-vb-openpgp-linked-ids-01
http://tools.ietf.org/html/draft-vb-openpgp-uri-attribute-01

> 
> - Not running proofmode when a USB device is connected, or when a device
> is rooted (We can detect both), or simply logging facts in the proof CSV
> file.

There is also Google's SafetyNet API. I think it's closed source and I
don't like their approach, but you could look into it:
https://koz.io/inside-safetynet/

Cheers
Dominik
