github.com/keybase/client/go@v0.0.0-20241007131713-f10651d043c8/updater/SECURITY.md (about) 1 ## Security 2 3 In the future, we will be looking to integrate with [TUF](https://theupdateframework.github.io/) 4 in order to make updates more secure. In the meantime, this document describes 5 what the updater (in the context of the Keybase application) protects against. 6 7 The updater may not protect against certain attacks. 8 9 - Rollback attacks: The updater doesn't prevent an earlier update from being applied 10 - Indefinite freeze attacks: An attacker could reply with old metadata 11 - Endless data attacks: An attacker could cause the client to download endless data 12 - Slow retrieval attacks: An attacker could prevent an update by being slow 13 - Extraneous dependencies attacks: The updater doesn't know about dependencies and will only download and apply a single asset 14 - Mix-and-match attacks: An attacker could mix metadata (use an old asset with new update) 15 16 The Keybase updater does do the following (to prevent basic attacks): 17 18 - Uses TLS with a pinned certificate for api-1.core.keybaseapi.com (update source) for metadata 19 - Uses TLS to download asset 20 - Verifies asset digest (SHA256) 21 - Verifies asset saltpack signature (key IDs are pinned)