QRL Security
The QRL provides means for secure communication and verification of various functions and features of the project.
From validating releases for the QRL wallet to providing a secure means to report security impacts and concerns, the QRL Security repo provides the Public PGP keys for the project.
The QRL security repo contains:
- The public key for security@theqrl.org
- Signed messages containing the hashes of some QRL releases in order that they may be verified
QRL network security issues can be directed to the QRL development team at security@theqrl.org
Should the matter be sensitive, PGP/GPG can be used using the public key contained in this repository.
While setup of secure email is outwith the scope of this repository, instructions to do so are below (thanks @jackalyst)
Instructions
Thunderbird
1. Setup private/public key
- Open Thunderbird v78 and above
- Go to Edit -> Account Settings
- Find the email account you want to use and select [email acct]-> End-to-End Encryption
- Click [Add Key]
- Create new OpenPGP key [continue]
- Define any parameters (defaults are fine), then [Generate Key] and [confirm]
2. Import security@theqrl.org's public key
- Open Thunderbird 78 and above
- Go to Tools -> OpenPGP key manager
- Select Edit -> Import Keys from URL
- Enter URL:
https://raw.githubusercontent.com/theQRL/security/master/security.theqrl.org.gpg.asc
3. Sending an End-to-end encrypted message
- Open Thunderbird 78 and above
- Compose a message to security@theqrl.org
- Select from the dropdown [security], "Require Encryption", and "Attach my public key"
- Send email.