From: Soren Stoutner Date: Wed, 23 Aug 2017 23:14:58 +0000 (-0700) Subject: Add an SSL Certificate Pinning tab to the Guide. X-Git-Tag: v2.5~4 X-Git-Url: https://gitweb.stoutner.com/?a=commitdiff_plain;h=6a240a3d02f43dae2ae30962958db6927a8bab2a;p=PrivacyBrowserAndroid.git Add an SSL Certificate Pinning tab to the Guide. --- diff --git a/.idea/dictionaries/soren.xml b/.idea/dictionaries/soren.xml index 16a47ed1..f6ab929f 100644 --- a/.idea/dictionaries/soren.xml +++ b/.idea/dictionaries/soren.xml @@ -69,6 +69,7 @@ listview logins lossless + mitm mozilla navigationview nojs diff --git a/app/src/main/assets/en/guide_ssl_certificate_pinning.html b/app/src/main/assets/en/guide_ssl_certificate_pinning.html new file mode 100644 index 00000000..429eb8da --- /dev/null +++ b/app/src/main/assets/en/guide_ssl_certificate_pinning.html @@ -0,0 +1,65 @@ + + + + + + + + + +

Know Where You’re Going

+ +

When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server. + The purpose of the server identification is to prevent a machine located between the browser and the webserver from intercepting the traffic in transit, pretending to be the server, and decrypting the information as it is passed along. + This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee. + Android has a list of trusted certificate authorities, and will accept any of their certificates for any website. + It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.

+ +

The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other valid certificate will be rejected.

+ +

+ +

SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time. + As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases. + But for those connecting to their own servers, or for those who suspect that powerful organizations may be targeting them directly, SSL certificate pinning can detect and thwart a MITM attack.

+ +

+ +

SSL certificates can be pinned in Domain Settings. + Besides protecting against MITM attacks, pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.

+ + \ No newline at end of file diff --git a/app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png b/app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png new file mode 100644 index 00000000..60c5c166 Binary files /dev/null and b/app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png differ diff --git a/app/src/main/assets/en/images/pinned_ssl_certificate.png b/app/src/main/assets/en/images/pinned_ssl_certificate.png new file mode 100644 index 00000000..a2f95187 Binary files /dev/null and b/app/src/main/assets/en/images/pinned_ssl_certificate.png differ diff --git a/app/src/main/assets/en/images/ssl_certificate_mismatch.png b/app/src/main/assets/en/images/ssl_certificate_mismatch.png new file mode 100644 index 00000000..59b7225e Binary files /dev/null and b/app/src/main/assets/en/images/ssl_certificate_mismatch.png differ diff --git a/app/src/main/java/com/stoutner/privacybrowser/activities/GuideActivity.java b/app/src/main/java/com/stoutner/privacybrowser/activities/GuideActivity.java index 3bde5a16..ea19f3a3 100644 --- a/app/src/main/java/com/stoutner/privacybrowser/activities/GuideActivity.java +++ b/app/src/main/java/com/stoutner/privacybrowser/activities/GuideActivity.java @@ -99,9 +99,12 @@ public class GuideActivity extends AppCompatActivity { return getString(R.string.domain_settings); case 5: - return getString(R.string.tor); + return getString(R.string.ssl_certificate_pinning); case 6: + return getString(R.string.tor); + + case 7: return getString(R.string.tracking_ids); default: diff --git a/app/src/main/java/com/stoutner/privacybrowser/fragments/GuideTabFragment.java b/app/src/main/java/com/stoutner/privacybrowser/fragments/GuideTabFragment.java index 7cec388b..2a9d0666 100644 --- a/app/src/main/java/com/stoutner/privacybrowser/fragments/GuideTabFragment.java +++ b/app/src/main/java/com/stoutner/privacybrowser/fragments/GuideTabFragment.java @@ -107,10 +107,14 @@ public class GuideTabFragment extends Fragment { break; case 5: - tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_tor.html"); + tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_ssl_certificate_pinning.html"); break; case 6: + tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_tor.html"); + break; + + case 7: tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_tracking_ids.html"); break; } diff --git a/app/src/main/res/values-de/strings.xml b/app/src/main/res/values-de/strings.xml index c468a063..bb9bcfe6 100644 --- a/app/src/main/res/values-de/strings.xml +++ b/app/src/main/res/values-de/strings.xml @@ -182,7 +182,6 @@ Übersicht Lokale Speicherung Verolgungs-IDs - Geplante Features Privatsphäre diff --git a/app/src/main/res/values-es/strings.xml b/app/src/main/res/values-es/strings.xml index 04fdac90..6c1ea32c 100644 --- a/app/src/main/res/values-es/strings.xml +++ b/app/src/main/res/values-es/strings.xml @@ -84,6 +84,12 @@ URL URL: + + Actualizar SSL + No coincide el certificado SSL + SSL actual + SSL fijado + Caja de navegación Navegación @@ -196,13 +202,16 @@ Imágenes habilitadas Imágenes deshabilitadas + Certificado SSL fijado + Certificado SSL guardado + Certificado SSL actual de la web + Cargar una página web cifrada antes de abrir la configuración de dominio para rellenar el certificado SSL de la página web actual. Guía de Navegador Privado Visión general Almacenamiento local Rastreo de IDs - Funciones planeadas Privacidad @@ -300,7 +309,7 @@ Borrar datos de formulario Borra los datos de formulario. Borrar caché - Borra la caché de WebView’. + Borra la caché de WebView. General Página de inicio Tamaño de fuente por defecto diff --git a/app/src/main/res/values-it/strings.xml b/app/src/main/res/values-it/strings.xml index c94d1443..e278dd3a 100644 --- a/app/src/main/res/values-it/strings.xml +++ b/app/src/main/res/values-it/strings.xml @@ -204,7 +204,6 @@ Descrizione Archiviazione Locale Tracciamento utenti - Funzionalità future Privacy diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 4bb849c3..8315ce56 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -216,8 +216,8 @@ Privacy Browser Guide Overview Local Storage + SSL Certificate Pinning Tracking IDs - Planned Features Privacy