# security.txt

Create the security.txt file at https://securitytxt.org:

```text
Contact: mailto:bruno@clicclac.info
Expires: 2026-09-05T18:00:00.000Z
Encryption: openpgp4fpr:2D5E 6C77 2EC1 15C8 21BD  6D8A 4B92 F1D5 84F5 513F
Preferred-Languages: en,fr
Canonical: https://photos-nas.ovh/.well-known/security.txt
```

Create a digital signature:

```bash
gpg --output security.txt.sig --armor --detach-sig security.txt
gpg: using "2D5E6C772EC115C821BD6D8A4B92F1D584F5513F" as default secret key for signing
```

Verify the signature:

```bash
gpg --verify security.txt.sig security.txt
gpg: Signature faite le Jeu 5 sep 15:35:53 2024 CEST
gpg: avec la clef RSA 2D5E6C772EC115C821BD6D8A4B92F1D584F5513F
gpg: Bonne signature de « Bruno Pesenti  » [ultime]
```

Append the signature to the security.txt file:

```bash
cat security.txt.sig >> security.txt
```

Or create a cleartext signature instead (an OpenPGP cleartext signature is the format RFC 9116 recommends for security.txt):

```bash
gpg --clearsign -o security-signed.txt security.txt
gpg: using "2D5E6C772EC115C821BD6D8A4B92F1D584F5513F" as default secret key for signing
```

```bash
gpg --verify -v security-signed.txt
gpg: enabled compatibility flags:
gpg: en-tête d'armure : Hash: SHA256
gpg: nom de fichier original : «  »
gpg: Signature faite le Jeu 5 sep 16:02:58 2024 CEST
gpg: avec la clef RSA 2D5E6C772EC115C821BD6D8A4B92F1D584F5513F
gpg: utilisation du modèle de confiance pgp
gpg: Bonne signature de « Bruno Pesenti  » [ultime]
gpg: signature mode texte, algorithme de hachage SHA256, algorithme de clef rsa4096
```

```bash
mv security-signed.txt security.txt
```

```bash
cat security.txt
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://photos-nas.ovh/contact/
Expires: 2026-09-05T18:00:00.000Z
Encryption: openpgp4fpr:2D5E 6C77 2EC1 15C8 21BD  6D8A 4B92 F1D5 84F5 513F
Preferred-Languages: en,fr
Canonical: https://photos-nas.ovh/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEELV5sdy7BFcghvW2KS5Lx1YT1UT8FAmbZuhIACgkQS5Lx1YT1
UT9hsg/6AjjR0ASQ1UA0rHwVeKw7WOlLJv1lkdypKi5Sou1sYZcM3sFNwq1T/KX8
lkgy3Y0uAH2QJ/nbsyhyNi5tHI2oA1zhF7U/l9ovRD3esQGoZ0iRIFRKzoKwNsBb
yxOzS1BJEvH3ntE2QwcTCBPx5D8RNBcIa3xK8DnrZCfkIU3tm49yRNyFo+MUWDZw
f0ASIWFwvPrB3oKdB9orzwQHq2UtwIK8yPkeZV2Tbe3OuN0utVSaqeSXDyNewCDI
ziorAnjl5TL41Lo3UtO69ByYB2yCHaIgGr/9EK19fZG7jx/AcD8wCQ5FKdj8woQB
KwCEu4PqoHpi8yncHAUZPsrH9XHTm5GegeGHU6/uguzDw4jc5Nxg/ARpDvD/337m
iWKoA7UXoffmGNizyGiP//zkzkp4wTStD9G8i9TA3BSSKIFtHQqYFqYQlJQEopRd
ju8KIHPORXxyR1GX58V0UUJ2Gtzk4AHRS5/XqAqSHyQyI9YK0O79iufx6nGW+zkR
c1MmVp4YkhQcHB5NbWH0XC/6lOn5jfx7hNfQDbPBemPOpBZ2n9V13ckxhgynlurh
hBNQQT526cZmxhLTXWrSRcuFiWjtpi8CgJaWMw7ebhncLb1dHlebq8cispqJn2vK
+v6pgoN0aJvtKZC8ugHi62SniVaX22B55QQDbfhGFvlhWnzJSl4=
=8KJk
-----END PGP SIGNATURE-----
```

### Content Security Policy (CSP)

https://content-security-policy.com/examples/

https://www.magentix.fr/blog/strategie-de-securite-du-contenu-content-security-policy.html

Add the header:

```html
```

```php
```

### HSTS

https://hstspreload.org/
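
### Checking security.txt before publishing

Returning to the security.txt file from the first section: the script below is an added example, not part of the original notes. It unwraps the cleartext signature and checks the fields against RFC 9116 before the file is published. The sample file, `example.org`, the placeholder fingerprint and the function names are constructed for illustration, and the signature itself is not verified here (`gpg --verify` does that).

```python
import re
from datetime import datetime, timedelta

URI_FIELDS = {"contact", "encryption", "canonical", "policy", "acknowledgments", "hiring"}
# Constructed sample (example.org, placeholder fingerprint and signature body).
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: https://example.org/contact/
Expires: 2026-09-05T18:00:00.000Z
Encryption: openpgp4fpr:0000 1111 2222 3333 4444  5555 6666 7777 8888 9999
Canonical: https://example.org/.well-known/security.txt
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----
"""

def signed_body(text):
    """Return (body, is_clearsigned); strips the armor and undoes dash-escaping."""
    m = re.search(r"-----BEGIN PGP SIGNED MESSAGE-----\r?\n(?:[^\r\n]+\r?\n)*\r?\n"
                  r"(.*?)\r?\n-----BEGIN PGP SIGNATURE-----", text, re.S)
    return (re.sub(r"(?m)^- ", "", m.group(1)), True) if m else (text, False)

def check(text, served_url, now):
    """Return a list of findings; an empty list means nothing was flagged."""
    body, signed = signed_body(text)
    findings = [] if signed else [
        "detached signature appended, not a cleartext signature"
        if "BEGIN PGP SIGNATURE" in text else "file is not signed"]
    fields = [(k.strip().lower(), v.strip()) for k, v in
              (ln.split(":", 1) for ln in body.splitlines()
               if ":" in ln and not ln.lstrip().startswith("#"))]
    values = {k: [v for n, v in fields if n == k] for k, _ in fields}
    if not values.get("contact"):
        findings.append("missing required Contact field")
    findings += [f"{k}: whitespace is not allowed in a URI"
                 for k, v in fields if k in URI_FIELDS and re.search(r"\s", v)]
    if served_url not in values.get("canonical", [served_url]):
        findings.append("served URL is not listed in any Canonical field")
    try:
        (raw,) = values.get("expires", [])  # Expires must appear exactly once
        ahead = datetime.fromisoformat(raw.upper().replace("Z", "+00:00")) - now
    except (ValueError, TypeError):
        return findings + ["Expires must appear once as an RFC 3339 timestamp"]
    if ahead < timedelta(0):
        findings.append("Expires is in the past")
    elif ahead > timedelta(days=365):
        findings.append("Expires is more than a year ahead (RFC 9116 recommends less)")
    return findings
```

`check()` takes the file text, the URL it will be served from and a timezone-aware `now`, and returns a list of findings.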