# Security

## Cryptography Whitepaper

The algorithms and design decisions behind the cryptography are documented in
the [Cryptography Whitepaper](https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf).

## Reporting Vulnerabilities

If you find a security issue in Threema, please follow responsible disclosure
and report it to us via Threema or by encrypted email, we will try to respond
as quickly as possible. You can find the contact details at
[threema.ch/contact](https://threema.ch/contact) (section “Security”).

## Code Signing

Every commit in this repository is cryptographically signed using the following
PGP key:

    pub   rsa4096 2016-09-06 [SC] [expires: 2026-09-04]
          E7AD D991 4E26 0E8B 35DF  B506 65FD E935 573A CDA6
    uid           Threema Signing Key <dev@threema.ch>

The public key can be found at <https://oss.threema.ch/65FDE935573ACDA6.pub>.