Add an SSL Certificate Pinning tab to the Guide.
authorSoren Stoutner <>
Wed, 23 Aug 2017 23:14:58 +0000 (16:14 -0700)
committerSoren Stoutner <>
Wed, 23 Aug 2017 23:14:58 +0000 (16:14 -0700)
app/src/main/assets/en/guide_ssl_certificate_pinning.html [new file with mode: 0644]
app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png [new file with mode: 0644]
app/src/main/assets/en/images/pinned_ssl_certificate.png [new file with mode: 0644]
app/src/main/assets/en/images/ssl_certificate_mismatch.png [new file with mode: 0644]

index 16a47ed125d6fcba24f5abe22dab3d5ad27760d9..f6ab929f06f0eaf89ae2c391444f29377097ebfe 100644 (file)
@@ -69,6 +69,7 @@
+      <w>mitm</w>
diff --git a/app/src/main/assets/en/guide_ssl_certificate_pinning.html b/app/src/main/assets/en/guide_ssl_certificate_pinning.html
new file mode 100644 (file)
index 0000000..429eb8d
--- /dev/null
@@ -0,0 +1,65 @@
+  Copyright © 2017 Soren Stoutner <>.
+  This file is part of Privacy Browser <>.
+  Privacy Browser is free software: you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation, either version 3 of the License, or
+  (at your option) any later version.
+  Privacy Browser is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  GNU General Public License for more details.
+  You should have received a copy of the GNU General Public License
+  along with Privacy Browser.  If not, see <>. -->
+    <head>
+        <meta charset="UTF-8">
+        <style>
+            h3 {
+                color: 0D4781;
+            }
+            img.title {
+                vertical-align: bottom;
+                height: 32;
+                width: 32;
+            }
+   {
+                display: block;
+                margin-left: auto;
+                margin-right: auto;
+                height: 640;
+                width: 360;
+            }
+        </style>
+    </head>
+    <body>
+        <h3><img class="title" src="images/ic_vpn_lock_dark_blue.png"> Know Where You’re Going</h3>
+        <p>When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server.
+            The purpose of the server identification is to prevent a machine located between the browser and the webserver from intercepting the traffic in transit, pretending to be the server, and decrypting the information as it is passed along.
+            This type of attack is known as a Man In The Middle (MITM) attack.  SSL certificates are generated by certificate authorities: companies that verify a server’s identity and produce a certificate for a fee.
+            Android has a list of trusted certificate authorities, and will accept any of their certificates for any website.
+            It isn’t supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.</p>
+        <p>The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain.  Any other valid certificate will be rejected.</p>
+        <p><img class="center" src="images/ssl_certificate_mismatch.png"></p>
+        <p>SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time.
+            As a general rule, pinning SSL certificates probably isn’t needed in the majority of cases.
+            But for those connecting to their own servers, or for those who suspect that powerful organizations may be targeting them directly, SSL certificate pinning can detect and thwart a MITM attack.</p>
+        <p><img class="center" src="images/pinned_ssl_certificate.png"></p>
+        <p>SSL certificates can be pinned in Domain Settings.
+            Besides protecting against MITM attacks, pinning a self-signed certificate for a device like a wireless router or access point will remove the error message that is normally presented every time its website is loaded.</p>
+    </body>
\ No newline at end of file
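Review bot: The guide never tells the reader to verify a certificate before pinning it, so the closing paragraph ("SSL certificates can be pinned in Domain Settings") can be read as "pin whatever the browser is currently showing". A pin is only as trustworthy as the connection on which the certificate was first seen: if an interceptor is already in the path at that moment, its certificate is the one that gets pinned. The same holds when a replacement is accepted after the mismatch dialog, which the expiry paragraph says will legitimately happen. I would add a sentence such as `Before pinning or updating a certificate, compare its details with those obtained from the server operator over a separate channel.` This matters most for the self-signed router example, where the pin removes the only warning the user would otherwise see.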
diff --git a/app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png b/app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png
new file mode 100644 (file)
index 0000000..60c5c16
Binary files /dev/null and b/app/src/main/assets/en/images/ic_vpn_lock_dark_blue.png differ
diff --git a/app/src/main/assets/en/images/pinned_ssl_certificate.png b/app/src/main/assets/en/images/pinned_ssl_certificate.png
new file mode 100644 (file)
index 0000000..a2f9518
Binary files /dev/null and b/app/src/main/assets/en/images/pinned_ssl_certificate.png differ
diff --git a/app/src/main/assets/en/images/ssl_certificate_mismatch.png b/app/src/main/assets/en/images/ssl_certificate_mismatch.png
new file mode 100644 (file)
index 0000000..59b7225
Binary files /dev/null and b/app/src/main/assets/en/images/ssl_certificate_mismatch.png differ
index 3bde5a16dfa722951a9e2ffc719f05b3bae32af4..ea19f3a3b4b9c8161c37cf7219fcc9cdf8f74154 100644 (file)
@@ -99,9 +99,12 @@ public class GuideActivity extends AppCompatActivity {
                     return getString(R.string.domain_settings);
                 case 5:
-                    return getString(R.string.tor);
+                    return getString(R.string.ssl_certificate_pinning);
                 case 6:
+                    return getString(R.string.tor);
+                case 7:
                     return getString(R.string.tracking_ids);
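Review bot: The tab positions are bare integers that have to be renumbered by hand in two places, the title switch here and the `loadUrl` switch in GuideTabFragment, and nothing ties the two together. Inserting the pinning tab at 5 shifted Tor to 6 and Tracking IDs to 7 in both files; a missed shift in either one would show one guide page under another page's title. Consider named constants shared by both classes, e.g. `static final int TAB_SSL_CERTIFICATE_PINNING = 5;`, or a single ordered list of title/asset pairs indexed by position. The enclosing method and the pager's tab count are outside this hunk, so check that the count still matches the highest case.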
index 7cec388ba5b42c0a6f459995aa8ef528276b5f0a..2a9d0666f17eef6fdd8cd116291b03210fa608ff 100644 (file)
@@ -107,10 +107,14 @@ public class GuideTabFragment extends Fragment {
             case 5:
-                tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_tor.html");
+                tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_ssl_certificate_pinning.html");
             case 6:
+                tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_tor.html");
+                break;
+            case 7:
                 tabWebView.loadUrl("file:///android_asset/" + getString(R.string.android_asset_path) + "/guide_tracking_ids.html");
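Review bot: As this page renders the hunk, the new `case 5:` `loadUrl` line is followed directly by `case 6:` with no `break;` between them, while the added Tor case does get one. If that is not simply context the page dropped, tab 5 would fall through and end up showing `guide_tor.html`; confirm that each case ends in `break;` in the file. Separately, every case repeats `"file:///android_asset/" + getString(R.string.android_asset_path)`; hoisting it into one local before the switch would leave only the file name per case. The switch starts and ends outside the hunk.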
index c468a063ba715b1e15ad457cd8f72d8040c4ad4b..bb9bcfe6233cf14e6e193b9a81e0d8c0cc53a5b9 100644 (file)
     <string name="overview">Übersicht</string>
     <string name="local_storage">Lokale Speicherung</string>
     <string name="tracking_ids">Verolgungs-IDs</string>
-    <string name="planned_features">Geplante Features</string>
     <!-- Preferences. -->
     <string name="privacy">Privatsphäre</string>
index 04fdac90d4cacf45987462d8f0296f3cf8872e20..6c1ea32c6aee8bb5b0be6019a647b4e8d1bd3bb1 100644 (file)
     <string name="url">URL</string>
     <string name="url_label">URL:</string>
+    <!-- Pinned SSL Certificate Mismatch. -->
+    <string name="update_ssl">Actualizar SSL</string>
+    <string name="ssl_certificate_mismatch">No coincide el certificado SSL</string>
+    <string name="current_ssl">SSL actual</string>
+    <string name="pinned_ssl">SSL fijado</string>
     <!-- MainWebViewActivity Navigation Drawer. -->
     <string name="navigation_drawer">Caja de navegación</string>
     <string name="navigation">Navegación</string>
         <item>Imágenes habilitadas</item>
         <item>Imágenes deshabilitadas</item>
+    <string name="pinned_ssl_certificate">Certificado SSL fijado</string>
+    <string name="saved_ssl_certificate">Certificado SSL guardado</string>
+    <string name="current_website_ssl_certificate">Certificado SSL actual de la web</string>
+    <string name="load_an_encrypted_website">Cargar una página web cifrada antes de abrir la configuración de dominio para rellenar el certificado SSL de la página web actual.</string>
     <!-- Guide. -->
     <string name="privacy_browser_guide">Guía de Navegador Privado</string>
     <string name="overview">Visión general</string>
     <string name="local_storage">Almacenamiento local</string>
     <string name="tracking_ids">Rastreo de IDs</string>
-    <string name="planned_features">Funciones planeadas</string>
     <!-- Preferences. -->
     <string name="privacy">Privacidad</string>
     <string name="clear_form_data_preference">Borrar datos de formulario</string>
     <string name="clear_form_data_summary">Borra los datos de formulario.</string>
     <string name="clear_cache">Borrar caché</string>
-    <string name="clear_cache_summary">Borra la caché de WebView.</string>
+    <string name="clear_cache_summary">Borra la caché de WebView.</string>
     <string name="general">General</string>
         <string name="homepage">Página de inicio</string>
         <string name="default_font_size">Tamaño de fuente por defecto</string>
index c94d1443fe4a00931213a0d37454d0d71e72daf9..e278dd3a76fae49d6decfdddd33e741cca7b271f 100644 (file)
     <string name="overview">Descrizione</string>
     <string name="local_storage">Archiviazione Locale</string>
     <string name="tracking_ids">Tracciamento utenti</string>
-    <string name="planned_features">Funzionalità future</string>
     <!-- Preferences. -->
     <string name="privacy">Privacy</string>
index 4bb849c31086528e70a543e349a548c9855bac4e..8315ce56dce795c19b0b1e9710188691539d4047 100644 (file)
     <string name="privacy_browser_guide">Privacy Browser Guide</string>
     <string name="overview">Overview</string>
     <string name="local_storage">Local Storage</string>
+    <string name="ssl_certificate_pinning">SSL Certificate Pinning</string>
     <string name="tracking_ids">Tracking IDs</string>
-    <string name="planned_features">Planned Features</string>
     <!-- Preferences. -->
     <string name="privacy">Privacy</string>