# Security Policy

This website publishes a security policy in accordance with:

- [securitytxt.org](https://securitytxt.org/)
- [draft-foudil-securitytxt-12](https://datatracker.ietf.org/doc/html/draft-foudil-securitytxt-12)

## Signature Verification

The `security.txt` file in this directory is signed using [minisign](https://jedisct1.github.io/minisign/). The public key for verification is linked from the `security.txt` file in this directory.

Download the following files to a local directory:

- [`minisign.pub`](https://www.truestamp.com/.well-known/minisign.pub)
- [`security.txt`](https://www.truestamp.com/.well-known/security.txt)
- [`security.txt.minisig`](https://www.truestamp.com/.well-known/security.txt.minisig)
- [`security-policy.txt`](https://www.truestamp.com/.well-known/security-policy.txt)
- [`security-policy.txt.minisig`](https://www.truestamp.com/.well-known/security-policy.txt.minisig)
- [`age.pub`](https://www.truestamp.com/.well-known/age.pub)
- [`age.pub.minisig`](https://www.truestamp.com/.well-known/age.pub.minisig)

and run:

```sh
minisign -Vm security.txt -p minisign.pub
minisign -Vm security-policy.txt -p minisign.pub
minisign -Vm age.pub -p minisign.pub
```

Each command should report a good signature, along with a trusted comment indicating the date of signature.

## Encrypted Messaging

Encrypted messages related to security issues can be sent as attached files to the email address in the `security.txt` file. These files should be encrypted with the [age](https://github.com/FiloSottile/age) file encryption tool.

The public key for encryption is linked from the `Encryption` section of the `security.txt` file. The public key found in the linked `age.pub` should be treated as the canonical key rather than the one shown in the example below.

Example:

```sh
age -r age1rsemynmms6h99r56jrm37n74c2hqu6ynzwtlk43sjp4uhz48940qawmqvx -a message.txt > message.txt.age
```

## Maintainer Signing

The command for signing all security files (updating the date):

```sh
minisign -t 'Signed 2021-09-21, security@truestamp.com' -Sm security.txt security-policy.txt age.pub
```
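As an added example (not one of this site's own files or tools), the following Python checker parses a `security.txt` and applies the draft-foudil-securitytxt-12 rules that matter most for a reporter: `Contact` and `Expires` must be present, `Expires` must appear once and not be in the past, and web URIs must use `https`. The sample file is constructed here from the URLs and contact address listed above; its `Expires` value is assumed.

```python
"""Check a security.txt against draft-foudil-securitytxt-12 requirements."""
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed sample using the URLs and address from this page; Expires is assumed.
SAMPLE_SECURITY_TXT = """\
# This site signs the file with minisign; see security.txt.minisig
Contact: mailto:security@truestamp.com
Expires: 2022-09-21T00:00:00.000Z
Encryption: https://www.truestamp.com/.well-known/age.pub
Policy: https://www.truestamp.com/.well-known/security-policy.txt
Canonical: https://www.truestamp.com/.well-known/security.txt
"""


def parse_ts(value):
    """Parse an RFC 3339 timestamp such as 2022-09-21T00:00:00.000Z into a UTC datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_security_txt(text):
    """Return {lowercased field name: [values]}, skipping comments and blank lines."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        name, value = line.split(":", 1)
        fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields


def check_security_txt(text, now):
    """Return a list of problems found; an empty list means the checks passed."""
    fields = parse_security_txt(text)
    problems = []
    if "contact" not in fields:
        problems.append("missing Contact")
    if "expires" not in fields:
        problems.append("missing Expires")
    elif len(fields["expires"]) > 1:
        problems.append("Expires must appear exactly once")
    elif parse_ts(fields["expires"][0]) <= now:
        problems.append("file has expired")
    # mailto:/tel: contacts are fine; any web URI in these fields must be https.
    for name in ("contact", "encryption", "policy", "canonical"):
        for value in fields.get(name, []):
            scheme = urlparse(value).scheme
            if scheme not in ("mailto", "tel") and scheme != "https":
                problems.append(f"{name} is not https: {value}")
    return problems
```

An expired or `http://` file is the common real-world failure: the reporter cannot tell whether the contact or the encryption key is still current.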