From 5ae4b6f3cba151e4fd48088d0470f5695e668e7e Mon Sep 17 00:00:00 2001 From: Vincent Date: Thu, 19 Feb 2015 19:37:15 +0100 Subject: [PATCH] Updated Google Summer of Code 2015 (markdown) --- Google-Summer-of-Code-2015.md | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/Google-Summer-of-Code-2015.md b/Google-Summer-of-Code-2015.md index 341f34c..750fc5d 100644 --- a/Google-Summer-of-Code-2015.md +++ b/Google-Summer-of-Code-2015.md @@ -86,9 +86,19 @@ Because updating all your keys exposeds your social contacts, privacy problemds * see Internet-Draft http://www.ietf.org/id/draft-koch-eddsa-for-openpgp-01.txt * see GnuPG implementation -## More unit tests -* Serious test coverage -* (UI optional) +## Improve unit tests +Unit tests are important, especially for a security-related application like OpenKeychain. We have a reasonable amount of unit tests which covers critical parts of our crypto code for a total of 25% coverage. Testing on Android has come a long way since last year though, so this task is about exploring those new possibilities and seriously improving that coverage, including UI and API test cases. + +**Expected results:** Test coverage, possible use of more test frameworks + +**Knowledge Prerequisite:** Java programming + +**Skill level:** easy + +**Mentor:** Vincent Breitmoser + +**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) or #openkeychain on irc.freenode.net + ## Tasker Plugin @@ -112,13 +122,7 @@ https://github.com/open-keychain/open-keychain/issues/841 **Mentor:** Vincent Breitmoser -**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) - -* certifications -* pubkey -> secret key for initial yubikey registration -* progressbar -* better error handling -* make as operation +**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) or #openkeychain on irc.freenode.net ## Passphrase alternatives **Brief explanation:** The private key material in secret keys is usually encrypted with a string-to-key algorithm, that is, a passphrase. This passphrase has to be entered before each crypto operation can be performed. Even though caching is possible, typing passphrases on a smartphone can be quite the nuisance especially for common operations like sending a signed email or reading an encrypted one. Mobile devices have touch screens, nfc readers, and several other methods of input not available on desktop computers, which allow for alternative methods of passphrase input like lock patterns or NFC tags. Those concepts have advantages in convenience over passphrases, but also implications on security and require some careful thought to provide good UX with minimal loss of security. @@ -131,7 +135,7 @@ https://github.com/open-keychain/open-keychain/issues/841 **Mentor:** Vincent Breitmoser -**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) +**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) or #openkeychain on irc.freenode.net ## Key Deletion UX/Revocation **Brief explanation:** When deleting a key the user should be asked to revoke the key if it is a secret one instead of just deleting it. Deleting a secret key should be considered an expert option, the average user should not do. Furthermore, revocation certificates should be supported in general. As part of the key generation process and for revoking a key at a later point in time.