Encedo HEM API Developer Manual
  • Welcome!
  • Preliminary
    • Quick Start
    • General information
  • Security
    • Report an issue
    • Advisory
      • Hall of fame
  • Reference
    • API Reference
      • System
        • Version & Status
        • Checkin
        • Configuration
        • Upgrade
          • Firmware
            • Low level USB mode
          • Management app
        • Self-test
        • Reboot
        • Shutdown
      • Authorization
        • Initialization
        • User authentication
        • External authenticator
          • Registration
          • Authentication
      • Key Management
        • Create a key
        • Derive a key
        • Import a key
        • Update a key
        • Delete a key
        • Get a public key
        • List the keys
        • Search a key
      • Cryptography operations
        • HMAC
        • ExDSA
        • ECDH
        • Encryption
          • Encryption/Decryption
          • Wrap/Unwrap
      • Audit log
      • Storage
Powered by GitBook
On this page
  • How to report
  • PGP key for submissions
  • Responsible disclosure guidelines
  • Supported product versions
  • Bug bounty program
  1. Security

Report an issue

This page hosts our security policies and information with regards to reporting security flaws.

PreviousGeneral informationNextAdvisory

Last updated 2 years ago

Learn more about how Encedo aims to offer the best security in the Encedo HEM product line here.

How to report

If you have discovered a security issue with Encedo HEM, please read our responsible disclosure guidelines and contact us at . Your report should include:

  • Product version

  • A vulnerability description

  • Reproduction steps

A member of the security team will confirm the vulnerability, determine its impact, and develop a fix. The fix will be applied to the master branch, tested, and packaged in the next security release. The vulnerability will be publicly announced after the release. Finally, your name will be added to the as a thank you from the entire Encedo community. Read our threat model to know what is expected behaviour.

PGP key for submissions

In order to facilitate secure submission of security issues, we provide the following for confidential submission:

  • User ID: Encedo Security Team <>

  • Key ID: 1CF143E5

  • Fingerprint: 99E8 3939 183F C609 E64C A1AA BA1B 7E74 1CF1 43E5

  • Key server link:

  • Direct link to the key copy (use if the MIT server is busy):

Responsible disclosure guidelines

Encedo Limited (developer of the Encedo products line) kindly requests that you comply with the following guidelines when researching and reporting security vulnerabilities:

  • Only test for vulnerabilities on your own personal device(s).

  • Confirm the vulnerability applies to a supported product version.

  • Share vulnerabilities in detail only with the security team.

  • Allow a reasonable time for a response from the security team.

  • Do not publish information related to the vulnerability until Encedo Limited has made an announcement to the community.

Supported product versions

At the time of writing, we support the whole Encedo HEM product line (Encedo PPA and Encedo EPA in all versions and variants).

Bug bounty program

At the time of writing, our company is a small startup but we are fully aware of how the industries of hackers and security researchers work. The format bug bounty program is in the plan, do not hesitate to contact us anyway. We will do our best.

security@encedo.com
hall of fame
PGP key
security@encedo.com
https://pgp.mit.edu/pks/lookup?op=get&search=0xBA1B7E741CF143E5
https://encedo.com/security_hem.gpg