Monitor for fingerprint changes on source interface metadata pubkey endpoint

Open redshiftzero opened this issue 7 years ago • 0 comments

There is a metadata JSON endpoint on the source interface that shows the fingerprint of the SecureDrop instance's public key. For example, accessing http://3expgpdnrrzezf7r.onion/metadata on Feb 5, 2018 showed:

{"sd_version": "0.5.2", "gpg_fpr": "07587F1335BC781EF78414F896731F2147B14B05"}

We should send an email alert to admins and FPF when we see that fingerprint change. An attacker that compromises a SecureDrop server may inspect memory to view the plaintext of submissions; alternatively, they might replace the valid public key with a public key corresponding to an attacker-controlled private key.

This would be high priority to implement if https://github.com/freedomofpress/securedrop/issues/92 is ever implemented - as inspecting memory would no longer be possible, and attackers would be forced to replace the public key.

redshiftzero, Feb 05 '18 13:02
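The comparison this issue asks for, as an added example (not part of the issue and not SecureDrop project code): it checks a `/metadata` response body against a pinned fingerprint and builds the alert email without sending it. It assumes the body is fetched over Tor by separate code and that the pinned value is stored off the monitored server; the function names, the `changed`/`invalid` statuses and the second sample body are constructed for illustration.

```python
import json
import re
from email.message import EmailMessage

PINNED = "07587F1335BC781EF78414F896731F2147B14B05"  # fingerprint quoted in the issue
SAMPLE_OK = '{"sd_version": "0.5.2", "gpg_fpr": "07587F1335BC781EF78414F896731F2147B14B05"}'
SAMPLE_CHANGED = '{"sd_version": "0.5.2", "gpg_fpr": "' + "A" * 40 + '"}'  # constructed


def normalize_fpr(value):
    """Return the fingerprint as 40 uppercase hex chars, or None if malformed."""
    if not isinstance(value, str):
        return None
    fpr = "".join(value.split()).upper()  # tolerate spaced or lowercase forms
    return fpr if re.fullmatch(r"[0-9A-F]{40}", fpr) else None


def check_metadata(body, pinned_fpr):
    """Compare gpg_fpr in a /metadata body with the pinned value.

    Returns (status, detail); status is "ok", "changed" or "invalid".
    """
    pinned = normalize_fpr(pinned_fpr)
    if pinned is None:
        raise ValueError("pinned fingerprint is not 40 hex characters")
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "invalid", "response is not JSON"
    if not isinstance(doc, dict):
        return "invalid", "response is not a JSON object"
    seen = normalize_fpr(doc.get("gpg_fpr"))
    if seen is None:
        # A missing or malformed field is reported, never treated as "ok".
        return "invalid", "gpg_fpr missing or malformed"
    if seen != pinned:
        return "changed", f"expected {pinned}, endpoint served {seen}"
    return "ok", seen


def build_alert(instance, status, detail, recipients):
    """Build (not send) the alert email; returns None when nothing is wrong."""
    if status == "ok":
        return None
    msg = EmailMessage()
    msg["Subject"] = f"SecureDrop metadata alert ({status}): {instance}"
    msg["To"] = ", ".join(recipients)
    msg.set_content(f"Instance: {instance}\nStatus: {status}\nDetail: {detail}\n")
    return msg
```

The pinned fingerprint only helps if it lives somewhere the monitored server cannot rewrite, so the check belongs on a separate monitoring host.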