From ea3b5a616a3b0e4782b0181951569ca8f2f99cf9 Mon Sep 17 00:00:00 2001 From: Hugo Date: Tue, 17 May 2022 03:46:15 -0400 Subject: [PATCH] Added iOS app and made some minor grammar edits (#138) * Added iOS app and made some minor grammar edits * Add PGPro logo picture --- .../docs/01-best-practices/01-PGP-guide.md | 16 ++++++++++++++-- .../sensitive-data-PGP-guide/PGPro-logo.png | Bin 0 -> 12609 bytes 2 files changed, 14 insertions(+), 2 deletions(-) create mode 100644 docs/assets/images/sensitive-data-PGP-guide/PGPro-logo.png diff --git a/docs/_pages/docs/01-best-practices/01-PGP-guide.md b/docs/_pages/docs/01-best-practices/01-PGP-guide.md index 83e5d860..5ed458ff 100644 --- a/docs/_pages/docs/01-best-practices/01-PGP-guide.md +++ b/docs/_pages/docs/01-best-practices/01-PGP-guide.md @@ -15,14 +15,26 @@ Learn how to use OpenKeychain to cipher sensible data during RoboSats trade. Since RoboSats works over the TOR network all communication is end-to-end encrypted. This helps prevents data in transit from being read or tampered by man-in-the-middle attacks. Also, the TOR protocol ensures that the user is connected to the domain name in the browser address bar, in this case the official RoboSats tor address(robosats6tkf3eva7x2voqso3a5wcorsnw34jveyxfqi2fu7oyheasid.onion). However, in RoboSats v0.1.0 the data is transferred as plain text through the front-end and the back-end of the application. This behavior allows the possibility that sensitive data exchanged regarding fiat payment information could be captured by a malicious sniffer on either party's computer or even on the RoboSats server at application abstraction layer. This would represent an attack to the privacy of the owner of the data. Even if RoboSats chat was completely encrypted at every step, you should still not trust that the sensitive data is encrypted. The best practice to avoid this problem is to use asymmetric encryption during the exchange of sensitive data, this guide shows a method that guarantees sensible data confidentiality using the PGP standard. -## OpenKeychain app. +## PGP Apps -OpenKeychain is an open source Android app that allows to create and manage cryptographic key pairs and sign or/and encrypt/decrypt text and files. OpenKeychain is based on the well established OpenPGP standard making encryption compatible across devices and systems. For a list of compatible software for Windows, Mac OS, and other operating systems check [openpgp.org/software/](https://openpgp.org/software/). Since the concept is the same, this method can be replicated using any another application. OpenKeychain app can be found at F-droid.org [[Link]](https://f-droid.org/packages/org.sufficientlysecure.keychain/) or at Google play store [[Link]](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain) +### Android +OpenKeychain is an open source Android app that allows you to create and manage cryptographic key pairs and sign or/and encrypt/decrypt text and files. OpenKeychain is based on the well established OpenPGP standard making encryption compatible across devices and systems. OpenKeychain app can be found at F-droid.org [[Link]](https://f-droid.org/packages/org.sufficientlysecure.keychain/) or at Google play store [[Link]](https://play.google.com/store/apps/details?id=org.sufficientlysecure.keychain).
+### iOS +PGPro is an open source iOS app that allows you to create and manage cryptographic key pairs and sign or/and encrypt/decrypt text and files. PGPro is based on ObjectivePGP which is compatible with OpenPGP. It can be found on their website [[Link]](https://pgpro.app/) or the Apple App Store [[Link]](https://apps.apple.com/us/app/pgpro/id1481696997). + +
+ +
+ +### Other +For a list of compatible software for Windows, Mac OS, and other operating systems check [openpgp.org/software/](https://openpgp.org/software/). Since the concept is the same, this method can be replicated using any another application. + + ## Encryption schema. In most cases, the sensitive information we would want to protect is the seller's fiat payment information, i.e. phone number, PayPal account, etc. So, the image below shows the encryption scheme that ensures that the seller payment information can only be read by the buyer. diff --git a/docs/assets/images/sensitive-data-PGP-guide/PGPro-logo.png b/docs/assets/images/sensitive-data-PGP-guide/PGPro-logo.png new file mode 100644 index 0000000000000000000000000000000000000000..d9242c330fbf34e97e9d09f0fbd11f8d6c936c18 GIT binary patch literal 12609 zcmd^F3p`X?+h1d7T*|l%ikOOADwIg6jB?y7Bq?3y6hcmPQ_^Isj!Q~TB!@00BBh#B z5v5FS4V8rCTH{jgGQt>U&)(mfI_JH7zxO?-I`8j$zxVqV`!>(oYp>_Bp7np8weSYK z6(~5`I@kgN0RVgW2k z)fflvNcM!w{M;{C8HPUwiqaB50uTwafP^A}s7Sy|0TuRAitwp?dJUck5=2R+0zn%rP}vWWIQbh4ptfws!Uoj&AGR*L!T(=;`I{v%}ZVf9Jma z!3Pe8911=DV?<#-_IRj(6`nySjUNhdvIEjPl0>;}c@Opawp(1<#*3`)_9YV z`!dFkeG_MYVeGGbH3MrP@u?6cpq7Y4s3}QUq)1ZYLXswZD$>6e*-u4IT&Db`;II(_ zYy-YL3I0!!A<6uO_Qf~&8)(Qg@Fp;sNPxyfR0K4D4wt9TN>2;d`M-Lh;V;p_G%<(& zdrvgH8tqFceCIA2X2P$5Ra?@h;!N2h!;;+!=KlS~e=6mI?ab~`&6O2@@asBzmhs~ikjJV}4 zQtEU1Q+8Zccz*Ao^m0!%dgq)IJ|zFemQgo>A;r~7>KhL#UI#mT{z2?3&}&eT^~Os6 zU-9thZY!%_G-TJ&Ss;q#2_5~J5ofpV^q3Y?TYwF5NWM_ z;YR0{yDKQ+d~eCHwEO|zHl&2EXj>idmQo!o70C9l9e6L=D08bf28_#<;oz5~es+iC zKI7w;YxEcx4(wAl=}L}C$G#8q3+OP8=JFg*9&iZ6C?OTq;|5;0il;d<)fTlX3Q7a` zb7BCtzHlz~9MLG0GmRJYm8dQ7@7`^;)On;}(ul6#M`g=+Da*RnL{V&|r1|_uk4gjP ztu^qlBP5>XtsosEXM}~JhjDN$grOt2l4Q{perB0+`x5iT0gHz-TkH>sMt^y{Dz*Kj zzoug@K$gAoV4+?Dl_B$1yJ-2NL(2At7t9R0L$?t&&n=^tO@93SP~93$e~{;%n2Cb#ep+Lpv&yiuWu|aIBpzwdO{5$T`>g z{_A!`%rliwXdyfaE9d^giVic^pldO#)ztNlj*%if#tx?ZLb|e~b1~W4U|L`_`7O23 zlFajs2%`!@Yl|;Ut{KRQ)h#=)B4FoH#UlYL?&rjn_ z-;=fOJJ$$zSFx=wmdIdA#OVLSL*9;~MdU@5rcQYyu;W;`7v8?|)@XKK{+7pDFJi~e z)L(z_)8i2{fsAldSjk&m!4yMIEQ8`(&ycRVpQ(N1ZBjljX{lYM+TxAj#Jl0UH%%B^ zA3Ja^kAHUq*IKhIw{#cf<GcwsX~Fs{T~}=+Sn_$t{@WYMEPKOVN zyw=}-Vx`U=rtJ0W^ChyTg56TPxpH9|A--*D;WmlS4wMXw}YkTl*T^FWA<2?#)zdYITYu5EWm)OW)8uee-4; z#gT*V*ba6gbt+a%r=o|o^G=|LZdOhIu~XV8rG{{+crIeNK;RME(%W>iFWERKFmU=u z&y5!=&>0VZyi`ri@KE5MhO#}Kx-?mU-OOT@(tf1#*5QESKWv?e`twHA zZ(f^8cdL$S{P5F3-@F4Kuizlu6mb*<2t0;T+pa#jC>;{j_T+w0wpG4z@l~J7yXL$q zx$X8snX}9Gmd%(`-n)0&1|{j` zHi$X*URD3iVBs=BV=#M)jZPtHX!5P5{TK2YeBWPsVT%KAM)d+=1!vxkfQePCMS}ah zf)d)aFlqo*9`#T-Y`9+Hq&}$FWid<{N~msU%pZNHCBr1YJE(gq?AW^*Z12&zf)yfUvu=#jnLbnd0q298)(}-ysHo zq9?IWlF!)M0NS4PJ(=DR3X;FM5_>2 zS@fM5UJsg`?5Okdmaf@YzQlfoHO?_qKgcL6ptvK(?J@7Nb}W3x`eU| z+V2lntQ(aMiFKC8uHU3rzPOgX)3Y-p_(q?(8=cNwHKt~6F7JKL-+O8Do4DC0mgt6C zP^X8CJ)tTw9D>^ir}yTmzqlFF7~lSWOkwFP<2R?xFp3LB{@8uP-;r-WgES=f1ewfm z3TVdxp|@V$GTU!&Li0UyqeBh~=p9>b>1o+i$M%o<1o$SR=Hte z9A~(_g@64(^G^HYohh|@%D-O{;xI2gao&CHL3PZ0B-U%)OEag{`>YF6N?d+PHZlyn z*}|E((DvZmbomvM9wW&@Rjf`G$?-kv$=MRpI>d_VIKA9cs`zA9)zhRi#y&rtvN)|M z==PXF-3f=ur=c=#hy$q=0@akNh#cvK*bWXllz2~B)VN%g zEuW{36`{M@4D~pd6kapbZatY@J6bTUKag??O}M<$?m^cK{tR`@ju z!HGSb`fZhnFwEnmoq}zGZ#ol4HeoUeJdCD-y}T20{lk1drciVB(b|$3TefU(GA^B4 zUh*bjLW@-qC(s#;I9J;?7K`ra8SeFbRG6yKfo*KG?o=RW_Qln(H+FvtJ#J7bf+Txh zP-L#NYQXTxUFLQQ?g`^_uu8J2u_k0f`{Yo8@GWXLqYuR~iN*uoik$90H)%+wT%@xSG z{9F;-`pBvTc%4&KyPu*svQhH-av;HW{45Ptmlr0xjW@nbTlih7vZt-~y`iw=pe)UF z@McqIQ&4GibzFhRh%-H&&Rb8Dy;*;hF{Q)4wyQRG(?ttA4sYv99T(@!Zki`R7k`s_ zKN|%R#>*vtKHw*as5mGx9m%L=`#dsvXQbg;H@Y;_GC!$;^fB6ln>ZAND!);oc~?oD zLG9LhjhffiH?0$oIpEQ%hN?K1e%y&n&mm8adTyZ?)sYYwqV%>>djaQ~eGMB47{3Qm zc*3fWVRaAMZ?`WucCg`7eW#!mO!ANVUzo87VP@|E_Z!ZCVfDyqD$Xs+OAKW=uTr_+(2v1qUF4D zowt`2wZmtsQPaL-oL3PS$mO!Bm{zRN5eHT5NH&jdi~|U(M(pS@2+s{^a$5QN=1s&G z2c#{WP=1pCk#>W&@2kt^%@|*FK1!-CE?FN_qG;_Ul_LsBE0dkmRcdIoMU}3wg1NE9 zz#+-{o@#={nPba7)~sTlF3=2U&r5uFAbuqbf_8YtJG_f`)=2^SUoOSp)jtArFAv~E zk_>SWbca3^fX0{@oOL0>i8s^Liu{Enf@q1@VrcJb&|fVkpOq8PJ}A)RpeY{5Xdkq3 zkWsI~kNrGQ(ATiGgES5ze-T^E{#3EWoXsB3h87c#gNg=06jt=W8A~t(jM)&QnZOwj zVz#IHgmH?un?92S!>d(k;ne>L5*a3Ya=tZw`Yiw>_cUWNgE-JlXpIv__`S( z6-r?_`&|t~@$)EyGRyij8?rjnG1*nls991p(ysx*eUC}~2#a26hf>aCYo3+T_)}_- zkz_w&EBfc+yWjfvEde4KCKrBzf;pe>n(soq<5!XSff7go{jf&`5gHL-Da81JZMJPz z@?T#ma2oM`_woRD)75)z$Xe$^dJj#$_fY{+$RUUpB1OxQzmr*C2UVcgqTC!-Q79AH zsTXO3Rky?&*iw7yHCKQbp+&f?epI3iRTnv;3D~?v7}KI@Gs4Zpfh@>|iTI7eDL6nUs^Ht_Q3J~|n0KN6rmmM_?}sHBfyCao?Qpw#1EZGZyiARUyUwvWSz=037ap4nc&S1>!V>Pxl%M3Ftkbr=B=kKY$ zTOn~lM$e~<^nS&#`S)Cd#-^5?YCrk&{k-!ZB+iH+t&g{rO&`*c#qJjp7&_I3Bvh9- zR&rBIXMOE}E6c||VR+`~gtF5E~k$BYUa~uKOChxiZOkc0Xt(z(R zFdFGf!2x$x+${2VXX;q_H9w|wSY;4YQvxyI+Y@l29Sck1~t}?$`Att~Sg=x|*oMHU!$HWeIlV zGBmvaOl5Bj$Pk^sid5a8jSYxt3s>VH)t)xk1Pym{yKNdY&V#*Y8;Gf)#v>EHv%7y z?_+9*Dus-nJyYB1h~=^U29JBvILMFcI4BXVp#+>ic`$X=#c;!2S;ZMQ-?=q+j&G`) z78Qy)+?tv4qJ5Lol?9cOv6QUP?8|c=3y(=NrL(TI=(p$-{J!!+gjt8H-vpkuvU!W7 zZxt?LSl+v6ZD$;_e_il$+1&maG1%kmaUhU(MvZAvbp9g0)QL?~5c$L=t7eL3gtDu8ASC0Xx?9gQ^JLkt4DhDPYadVY9Cc)!lg z#IJ%$s$K>CLO9iCA@l~|2<3T-i63F)pOVDUX8O0u;yzCqb4o2?2{lZeMTU`V)&xeg zlzJpyIfH>80*dGm>PCVBQBG%jARJPYkVS-b!!24Lsm5+M2O zf6yx6Nv8_7a{q?Ak^liuAi*6vQaBxsx@PF9d-j`&qFxegC@$Z0&^bw*8l){0g{j)x zd7EJj){`xq!s=jm^dV)Vf>^P%??Y+Vx{%Jo1^!jyRi`kx>|ZHfgnIYYKZwC{+&3(S zLQ#+~r@WFlp~ili$S9J1TOC_!3Gz^SP!yHFsQZ)UZ{Pn_?(J_~qQ}sip)vS@(jcKm zaFxg?rjtiC}QeDVu7bSy_&$!OBwvXqPNLjg3vL0$(mz+VUR z_OBnrzYTiKqL7AE91z6)MX?_IxpWQ<;)Zb}96-d-zpI`$@?an)4|+D@!w|V;^9H(=yCWo-XjdgnhnijpH(M{tsg2FdK+@9a52OB z{?X$cS<{ z9$(t}@s6$aT=H%!GZ7M2nX0}&D2`29wtPs*n*cI2{i%K2_Dm8i%_RXZH`BrNaA3Q z1k9RW?vpI7-EiDWeZM<-V2d$^7{d6V7baDyO)0*p2&QBZ57bXWq+%y@7Q@DT+91s1 z#~Sm`UBm&+1>r*csSXNk+_36e9CYTARJUyO$HDRr7`Si*FQroEu$u;ut{h~n0n+HX zp0J`H?A&E5^5^~fe3TW`J298_O)8{ohooOv=<6}f(9o^i&AsMH>Jfd( zMn)O&hc1lz&))tVQPrt`&CcZv9O*D_N-A@8*r)7=Db;LwaVCB4ho()(_v|i_aA*u^ z-DNZGk-dGPJ%Q$;x8NFp7HYeqKIjj=ltaeyD3F*)b*tBt6$U zd+2ygT3Yz*Z>T6|(0VH@*W}HMbUB@H`J(dcIWAIFd0UVwe`F8_v+DG`H&B&_kiiZl zc5PZX^j3ab$>TxhA~a|y1FL=nt?UHUGo-qvg&X6*pNmvI$HCYr`$>|}%>|OPhc^;7Q!TE+;JP12Q-aP1M)bN}b*`k&0q)Hsp4RKRgiYh9QCM zK_L!?+#xXAiR{|R9u@{eL*?QiCIf4N5&y&>++tFJgR=GR6hgKr4~G0zA}%KB0DoGG zgTOx8h{8i0JU&4aT(3wAH^V_*E^9*iEzK;UcZ;*sujuCq>Y6oes0G@Nvs_ zS1XNFUOY^c9fJ)ERK!g<;XuYb8tI;!g|u#lb+*AeY+iyO4m;Kqg-KPyp4LEA>)P%- zA=gV2sF~wHZG)-Hq&~s<(lr@6b-9z=UYWIAp+0`(m26UW+G#z_