From af8d04c66f44d8d08e5eb37ca6bdc91cfd7e5bf1 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 13 Dec 2021 13:21:18 +0100 Subject: [PATCH] Threat Model: add remark about secure key storage --- pgpainless-core/README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pgpainless-core/README.md b/pgpainless-core/README.md index 68b27096..82a7fcf0 100644 --- a/pgpainless-core/README.md +++ b/pgpainless-core/README.md @@ -43,3 +43,11 @@ It was decided that protection against brute force attacks on passwords used in PGPainless cannot limit access to the ciphertext that is being brute forced, as that is provided by the application that uses PGPainless. Therefore, protection against brute force attacks must be employed by the application itself. + +#### (Public) Key Modification Attacks +As a library, PGPainless cannot protect against swapped out public keys. +It is therefore responsibility of the consumer to ensure that an attacker on the same system cannot tamper with stored keys. +It is highly advised to store both secret and public keys in a secure key storage which protects against modifications. + +Furthermore, PGPainless cannot verify key authenticity, so it is up to the application that uses PGPainless to check, +if a key really belongs to a certain user. \ No newline at end of file
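Review bot: The new "(Public) Key Modification Attacks" section advises "a secure key storage which protects against modifications" and leaves it to the application "to check, if a key really belongs to a certain user", but says nothing about what either means in practice. One added sentence naming a concrete measure would make the remark actionable for consumers, for example comparing a key's fingerprint against one obtained over a trusted channel before use, and detecting changes to stored keys between uses. The heading says "(Public)" while the body recommends protecting "both secret and public keys", so either drop the parenthetical or state why secret key tampering is in scope. Wording: "It is therefore responsibility of the consumer" is missing "the", and the comma in "to check, if a key" should be removed. The hunk also leaves README.md without a trailing newline ("\ No newline at end of file"); please add one.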