From be58cc300eb4b2f224ee84dacd2ff07c2b04a223 Mon Sep 17 00:00:00 2001 From: Dimitris ZARRAS Date: Tue, 28 Nov 2023 10:21:15 +0200 Subject: [PATCH 1/3] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index ec49cffb..54814394 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ # PID Issuer +:heavy_exclamation_mark: **Important!** Before you proceed, please read +the [EUDI Wallet Reference Implementation project description](https://github.com/eu-digital-identity-wallet/.github-private/blob/main/profile/reference-implementation.md) + [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0) * [Overview](#overview) From 435b1792d443261a727482d4ec0765065bd1fd2b Mon Sep 17 00:00:00 2001 From: Dimitris ZARRAS Date: Tue, 28 Nov 2023 10:21:44 +0200 Subject: [PATCH 2/3] Update SECURITY.md --- SECURITY.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 0bc76878..784218fb 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -20,9 +20,9 @@ reporting vulnerabilities, as well as what you can expect from us in return. * E-mail your findings to EC-VULNERABILITY-DISCLOSURE@ec.europa.eu, specifying whether or not you agree to your name or pseudonym being made publicly available as the discoverer of the problem. * Encrypt your findings using - our [PGP key](https://sks.hnet.se/pks/lookup?search=EC-VULNERABILITY-DISCLOSURE%40ec.europa.eu&fingerprint=on&op=index) + our [PGP key](https://pgp.mit.edu/pks/lookup?op=get&search=0x6773AACDF09F6628) to prevent this critical information from falling into the wrong hands. -* Provide us sufficient information to reproduce the problem so that we can resolve it as quickly as +* Provide us with sufficient information to reproduce the problem so that we can resolve it as quickly as possible. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient, but complex vulnerabilities may require further explanation in terms of technical information or potential proof-of-concept code. @@ -33,7 +33,7 @@ reporting vulnerabilities, as well as what you can expect from us in return. ## Please do not do the following -* Do not take advantage of the vulnerability or problem you have discovered, for example by +* Do not take advantage of the vulnerability or problem you have discovered, for example, by downloading more data than necessary to demonstrate the vulnerability, deleting, or modifying other people’s data. * Do not reveal any data downloaded during the discovery to any other parties. From e4a414f5e82567254a8c5f0207165fc656107ad6 Mon Sep 17 00:00:00 2001 From: Dimitris ZARRAS Date: Tue, 28 Nov 2023 10:24:25 +0200 Subject: [PATCH 3/3] Add missing files in security. --- security/.well-known/security.txt | 6 ++ security/pgp-key.txt | 99 +++++++++++++++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 security/.well-known/security.txt create mode 100644 security/pgp-key.txt 
diff --git a/security/.well-known/security.txt b/security/.well-known/security.txt new file mode 100644 index 00000000..3bc357e6 --- /dev/null +++ b/security/.well-known/security.txt @@ -0,0 +1,6 @@ +Contact: mailto:EC-VULNERABILITY-DISCLOSURE@ec.europa.eu, +Expires: 2025-12-31T23:59:59.000Z +Encryption: https://github.com/eu-digital-identity-wallet/eudi-srv-pid-issuer/blob/main/security/pgp-key.txt +Preferred-Languages: en +Canonical: https://github.com/eu-digital-identity-wallet/eudi-srv-pid-issuer/blob/main/security/.well-known/security.txt +Policy: https://github.com/eu-digital-identity-wallet/eudi-srv-pid-issuer/blob/main/SECURITY.md \ No newline at end of file diff --git a/security/pgp-key.txt b/security/pgp-key.txt new file mode 100644 index 00000000..029e8906 --- /dev/null +++ b/security/pgp-key.txt 
@@ -0,0 +1,99 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: SKS 1.1.6 +Comment: Hostname: pgp.mit.edu + +mQINBGB0SvgBEADdvQmw+kfNqunbTXwui3uLdF9HymnTyGUREsCn3bxdFDcdY2WfThI/7Sfz +pRI8cr4Zcl9ZQPHkg+t0Yx59wQMWxGGB/jZ7+xZ7YnwPeESFDX2/zq3dC9PyCvAiTI8H6nFQ +APNfn+wq5JsLwRcG4F9NFH93U1Q4rGhiCHFx+yvBIB8W19b6T87Nh1Ikhpkl7z/1bAfgccHK +EtbU//9k3dj3YvKvQrp/BzRIVwDRBTqFKKRi/aL6fvC0IsFYJKZab9OvdXlyD5/wUJYrYtQE +zAPwc/m11bNPBJvNLYqz3gs5s8XOVz6Crqrvsb5qLkB12nZt7G+Mry3rDizqGi2jCUyt6jaf +ARF8kD3+oohp2isFrEuY/3hHK/6Sbas//toruXLa4gZvGq9TdwGST/bZechibDUaGT9UWyaj +EgDI9xQ8rbPzqh98U3c+5xFmyyETryHqtUHqKkpm3JA6hb/s3r+XxKmWd1IlcjgMr7mJtnwY +zwNDfEfMzH2AwAPdDB4Ru1qaJMRaxfX6hGqXdtj+0CSPE2eOgYgB24dSFIhjF8kmvnydopaa +n8nPmV7Vv4nxo2dIqJvcfkrakZMAlmtLHAg64SFkGAkrxaOzNiRXtTP8EjM/p7AktnXeYuGQ +c56O/FsCCCPmEVRIHsWEC1EGKBrOxiYmR9OfRUaq/hBHJ3PTtQARAQABtEZFQyBWVUxORVJB +QklMSVRZIERJU0NMT1NVUkUgPEVDLVZVTE5FUkFCSUxJVFktRElTQ0xPU1VSRUBlYy5ldXJv +cGEuZXU+iQEzBBABCAAdFiEEXpWfQC94SQf0rZEnsot02u2nX4kFAmJDCj0ACgkQsot02u2n +X4mQfAf/Wz10UmEmdu169u3xvkfMcUO2bkkC7OzsZyO1hEp9LUD0Xb1uZOT3pRJtvC3HN5n0 +EI4XB1dg69qC7i7no0glPut3wRkpUnQqu4Eeel3TlJVbl/6bwgqra8YvUY+9AvV6T0KRShyn +vZe7Hn7b0FGySobZKptrSxh5AUzTPr1mfWi75KvwV1WyT7dbJ1+3McEBaephWi4GUCar631s +bl14CaLqqwuE7VTDJkpSvNU8Xenb/ZXtG/Xq7mgBc+Z1Ed2psNRm9LnuTfzRzr9C2OXLeL+g +DvALUO47SOAb55KViZ+c3U0zD/uppOkqo06BYOzV92jhGhOdDWsJPExJKUQSRYkBMwQQAQgA +HRYhBF6Vn0AveEkH9K2RJ7KLdNrtp1+JBQJiQwu/AAoJELKLdNrtp1+JXvEIALjAXjg1CA0Z +vvXiL7eDOU+Ur9nCvTBLStuwCtAPBgbaaKPhuRTviS+uxQepEfsvoUawQgOnd1Xp9OAbKiUp +LgsBdBQw6hsisFtvHtw+cimwv05EXmc83esZKrSx1A4rzQxM/wVc/bfnS9BbPfWIvNwyRnSj +JlFsIvlbI+rrk05mZU3EMipjTca3EhQdVhHOcF5mq+gIhwyhLGs8UpTmd3n0fnom4Ogtn6XO +f0hAa1WkKezS3jPjZ9StcR+LFA8ThtUpuMG4JArsihgAnD7h9HAscSo0DtUVqdl5H36UgH/H +VUFAvqWBffmjc4nwRtW9GvcfPQAEkVvczoy4somirquJATMEEAEIAB0WIQRelZ9AL3hJB/St +kSeyi3Ta7adfiQUCZOX8hwAKCRCyi3Ta7adfibonB/4q73G/63vyCDTIIUfcmx+OAe/FZnkM +KjXFnlch1p8dMKBLqHd4anj8BnOYHSyBA1uGDPhivYeNE0LX8DZ25qTCw6MDHxeUjl7yDrOW 
+4cUMVtY/aCFQkNJkD8own5Nyf4Al5QBfFyUWT0BmZBqLdcSZpsB5ATD6XoippVvJX/QYen6s +xymdBnq1zvkTb6e9EtBi+OSUFdsUsHS+Z3P49LUDrYiIbHjScPAMI779opVWx0ShsGYgJlmn +VoGXP8ggGg0VYJZwF4O4zi2Dh+vZZr5gnc2raX5ZQ2bqG8BWktNABPWxCSb/j7litSKsGdF4 +E5M8XtPZAPNv3QlgoKp4sNl+iQJUBBMBCAA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA +FiEER2BObTDbig6L3gVdZ3OqzfCfZigFAmJmt6AFCQPUAmYACgkQZ3OqzfCfZiiLXxAAvU1g +ljMEfSSOfCIYDFWb8BLRiYiEnrkA/0QvL9Ul49qw0ZT0JVMH0FcAKDWL2injESEiqQeae9v+ +AuH9KtgW5dFML6zX5eZjC6E4nGcMGTCuUNwvhxiUqjtBixmu9dnuvJGmgxZn/dMpMfByYYve +EcbdKmU7ZzK4h0WFL5nX4c2WF50v4W9LhZ6EjZHTjIZy2QrVdsr2qiTFfya8/DPV0HmPoCrI +SIE/UIZc3FoUFnZB2VnMYhBnZKMNRgSAiogHW7ilg9NUTAs9ztVX7ln39fEIpT9vs0bbLF8y +G4cHrzIgrTu2Ft88xN6KhP1JE8UWwlsDMU7peyXAvtwBoloIiH/Vm7TxNfCYsxJYO/TA7div +6XVT/RcatTFPRf7eIZnFDL39lStfc14CtsQZbhA5hNl+IV2TLgo7NH8ZOpeTMeR88g2Jrlwc +cUFi204F1bYVpc4CnKhed4frhD5D9/dfBIND869o4z+fA7lKw7eQ3zm3ZEiA/Jsu4bdk6VKC +cVFPGQ8r0yDOiDgae8FXYkiuuPKE0a66Nf69dL27qTRTWzjTwnWwtSq6oTGnH7jX5qyjHRU9 +mNlpDoUJkhnpuaX3fj6AOEIr9+gs6t89GwFAUG+cH0UbBMuQwVVRX+MzfAKnuTH1WDKXa9T+ +TkQB6TY/O/+2kR6kZFmXhHAsoREXayCJAlQEEwEIAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwEC +HgECF4AWIQRHYE5tMNuKDoveBV1nc6rN8J9mKAUCZFyuVwUJBcpN5wAKCRBnc6rN8J9mKAe2 +D/4jnI1u48JUrI5F/GSlVTiJPOf699TzFwOLayIxGAHZol5+pRRdCzEUr2GFENV1VNS6oo1d +E0UQ6ygWdFye48crD5jzMccLCsAiHSBVDRugJNMVjTJnrOwVTdvpDHLSpEm9uYze6RnvrVcY +KRnEmhf8erxAYbM5UBhTnneKfhVVVEMyJ3a6UcYPBPHOL64sYH1bhdC0MBxIkZLu8CeikGwI +oudNKx/ns+GLlnnGJ38RHxVysiwGW9bZSwicaFN9HNRtv8S3JjQrrrS3ujTCOE9BbjySII05 +QY/2XddcBIB2UfJmPHRi8wZix6Lut3szrRQc/eHzeY+lu1Q95pvqMQH4m2G/wQtdf1n3qvNa +CzGtd3qnePN+Ndep7GvRXL8upd3FEDe5wu1GB6ZnuKadQkGAejgRYp5qMC4kEgD2M3QT9vYc +DFI8El5pM4X3ESMim7RuMn1lL7NMrDPvlltY6fTBfTe5cud3pxikTiIiOkHhgtp8QLVbDNEe +auGbhJuejYfuITYpvqUhmg3j3yoa0cd+DLKkVSTKoTCLu31oXiJLBJ2zQuSHZU/GOF3jRw7Z +RtbgdTRcIFMXROO650PsPdp8VsXFpLuulO9nGElDtYUuq0Ia2dYlhxLqcPrZdxBRL19fPbZJ +AXkrkAL66Dms5d3q/dWkcLtF32BNa7mRDr8UaYkCVAQTAQgAPhYhBEdgTm0w24oOi94FXWdz +qs3wn2YoBQJgdEr4AhsDBQkB4QKoBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEGdzqs3w 
+n2YodkEQAJevULEYkA7Wu8C8kNIdH/FMCAGx3PAY0AiKzoUH2r5juX4SrxnFQA+G+sFXHJ9q +9adUQ7hju/0S9lA5uF4EGW7IxfQ5vJFDTh12sz9qPr9Pz58QVZTBtMfwWwVpH7+ePtapMG9Z +enb/dMI7/GYkNpvBr+cqQPyF2L3ddzGkqKtjvme04vgMVx6MInmdW5Mf2+lUjbCOM6KUiZU+ +SCku4fRuA+Wnvq5GmWbVOIXmXK8VEUx0Xnp7aG1gpOXrkgykNh/67j2drjoFDsInkaU1Z8vc +IYhoXOVeIz0YegY8DEMEia3kFFjNH5wXGUy3l1jbtzMvlwgn/Ly/KNeY8ME//lUSB8U/Fan9 +4mYpVo521tG35mz71zaS5VfL3scnjaGU9QdoqdB4eLwNp0seZHDE5014hgUsbB5OMOflCxVI +clBV9FN4SEosaJ5XIyVfCYe83j3+49BtI34wu32G2oiyB4eiH6+YJoGS6BA+o2f3lM0QOW92 ++b8BPlSK2fE2cmTxPzjGslaoVibdRhWIfLPTPZVMJU8KcoiTPk9C5zmdbPM/+eUzUgVQ45j6 +NDJ0voCWz4GF7XP79DYekzw72kv93sIRiWku1wguKmNmaH+cSymXHY75EIGTEwPtEYPUVktv +IMvCqd2YmMh+cUqVx5uAeV7iRmZHyAZ8uhhQgt5xVCpKuQINBGB0SvgBEACo+WXBBrNKr9Cz +dYwOyEy1uRRhxgS5DrYbdbqp8FfSTTlgNFWGhOBwt5feKUd2SKvPEihYAKT5OSsFTs3U1uFf +lE/zzsMbAUgt3cOGaRTEpPJ8dTjyPKkrY+8O0YnD6g3lH677zVRwfukXs8h77n1FYLWwvwQM +TQImLprKokWEp2+Q9dJQuNddHHGATkMEQ6+TSVt+B8Yi73FZzG96sCkMUH8isjXm0OV5/lsA +rSOjt61I2X6sz42wcEbpCqnWCp6HVe/+uqi1d2if9XhmNBy5FXuKP0cJXRoUPLoPXp/g1FYM +N9qgNUpet1m5zNCg2RR1cf8SlmrroO6ox5rUoiVu7yopY+iX9bQbiV3kwLHUZiG8rliAGaeu +SXXDe0vOJ/IWekmFBI8OVLI37hLitCHjKdiDPHhTMcjj4Bumm1H8kL2Ft8EkaTi99Jj59LbO ++vfLsTxigmjTv07AniS2FB3kDRY8ArR90pDMaA0ZF/At9z3jaoIZP1/R8N9SCieRcNCTuvF+ +n2CmADOdiZfVX40/Mg3Spce4oBAC/FwRr3cQskeP6950dHIAqNox507eALVyo+Ya3xsjecMS +I0j+QntIuMh6b5SxwpuQVadGM45LGI//63eOkqREHgzxWwIJLs4V2Qn0flvV3QjbucjrMLkn +dtUWg14Oy1LGN3bZvLsyqwARAQABiQI8BBgBCAAmAhsMFiEER2BObTDbig6L3gVdZ3OqzfCf +ZigFAmTl/FcFCQXKTeYACgkQZ3OqzfCfZigzHhAAwHWjZKv/kTOudm0e2uEfehcOZOKsOiJv +GOYRNUezcHZKqjfaLeicieQCZ/JWOiCmiI4Z7S1qZIC3fb6WRmOtsC5sCU9K7Ko7KRJHjwZK +0xff6PWXCpR4CCtpyt6iYeDFu+ENEuhdbSBfwEW043gZCEvOhGn7RL499N7kfnXq04k060gv +PgliM2roVmAtBT8DSak0Dt+FrdLnioPjqJb0F9GYOrnndCnkJyNFIXNIMcEm2HDWed6rxP8t +pRMx/bsrFbM/ZbDOUqMJO4uJ/AXvprhUDrHxWWC5VW6gucIVCmMNtwvFd47DzkXglWgnjLqC +oEXlQcmJ624jy6+f43iZH98BYIM3GyqtK5NaG1Eez6LTWOH4ZtMJr6/lcBtOZPUuJn8vtUhw +sZaZ/56Ua2eVWm+db3yyQltApjDBQuC+nN0XuIyleeSVfDJZ6u6Hb0v9OklnhcNpNH0Fog2k 
+zM8R/B034Ig8ymTIqITYv7Vh2eVHpwtwmUQypcBw5eMRdOOCcF2whICQAnQZLoZlqMnmwXa1 +LTbtKumieyISSxYoFMbGAkKrPF6ABeOGdQbFaZh/KSoginRqslvBxCcbDwnkYxaWYkzQacF9 +N4Wlm1aXQFgmhPTyAFRk6KJYXP5ojVPHQaii6J5UqjUN9f92rYu3MI9Efem3eGv0SG4N3fO1 +sYGJAjwEGAEIACYWIQRHYE5tMNuKDoveBV1nc6rN8J9mKAUCYHRK+AIbDAUJAeECqAAKCRBn +c6rN8J9mKKd3D/9dIzmTr+snTXT4pU0aa8+p0Nj6AMkZjJHdLCWcL/56l+S4g4akdOUfWI4Z +ufCNXKJ4GcLde8UWX7Zhr9xq/00a8sbsupmk4pLinJgwC6Tmg6KHWGb4ScRV3z+2TWuhhkeT +WWIvnscxmXjuXWecRJ9nbwUcFZ7zl26P72eOmK1Omvmhm+dTqt4UyhKnBoIQ0BA45hNrOvWy +9Pp702LO/BhI4Su1EFfjJ9jiqXuEsXab90Q+ig3PauRgJ95nWB8tGPKMGDnooZSTve5gtjGw +6W2FJbL7HFKYZZCM95+ROYO6D9XJr78hZ2ocOhDuTwU1oGy1hUpCm29h2BfKUiqeYkHZ9w/s +tyk5TyD1Ca5RsIbEFqUtiVJdhMcQuaT0WQYcVzXUKyiiOlOxbjVhWZ0WtkOsuCQWkHUAbRUs +1NGsBldo31jQxTE/M+AIxEB0X0z0Pz/WxK4RQeMlK1qm3MraaZ9hh8gNyvfojvgEE7P/Mqv4 +PMNoqregEBqhVMzilk6eVAcY3axs/HLu7iqgJar+NqlEfklar1pm0ls9XJcn/vfv7XRAHWnm +tpKeHLVpEEpZjDf5hAgU0BjxecC9pSOu5S12OYa4NQ6P49Kb2IIZRvxooSzH7MF4gIfi7/8C +ItKxho+oBdJyG5cUpedCHB/YwNJFTpLfSlXItLxW2AxOqtfzDg== +=wS9M +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file
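Review bot: the link added at the top of README.md (PATCH 1/3) points into a repository named `.github-private`, so readers outside the organisation may get a 404 on the one notice marked "Important". Confirm the target is publicly readable, or link to a public copy of the project description. The subject "Update README.md" also says nothing about what changed; a subject that names the added notice would make the log easier to read.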
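Review bot: the replacement PGP link in SECURITY.md (PATCH 2/3) identifies the key only by the 64-bit ID `0x6773AACDF09F6628` on a public keyserver, which accepts uploads from anyone and gives a reporter no way to confirm they fetched the intended key. PATCH 3/3 adds `security/pgp-key.txt`, and the `Encryption:` field in security.txt already points at it, so link SECURITY.md to that same file and print the key's full fingerprint next to the link. The two wording fixes in the same file ("Provide us with", "for example, by") are fine.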
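Review bot: the `Contact:` line in security/.well-known/security.txt (PATCH 3/3) ends with a trailing comma after the mailto address, which leaves a malformed URI that parsers may reject; drop the comma. `Encryption:` and `Canonical:` both use GitHub `/blob/` URLs, which return an HTML page rather than the key or the text file, so point them at the location the content is actually served from (RFC 9116 expects the file under `/.well-known/security.txt` on the service's own host). `Expires: 2025-12-31T23:59:59.000Z` is about two years after this commit, where RFC 9116 recommends less than a year, and the file has no final newline.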
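Review bot: the armor headers in security/pgp-key.txt (`Version: SKS 1.1.6`, `Comment: Hostname: pgp.mit.edu`) show the block was copied from a keyserver response rather than exported from the key owner's keyring, and nothing in this series lets a reader check that it is the right key. Export it from the owning keyring (a minimal export keeps the file short), record the full fingerprint in SECURITY.md, and say in the commit message who verified it. The file also ends without a newline.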