Mirrors
/
open-keychain
mirror of https://github.com/open-keychain/open-keychain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated Google Summer of Code 2015 (markdown)

Vincent 2015-03-10 14:19:24 +01:00
parent 55ebbd50c1
commit 9351022f19
1 changed files with 16 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Google-Summer-of-Code-2015.md

@ -85,22 +85,6 @@ OpenKeychain supports elliptic curve cryptography, but only the ECDSA and ECDH a
**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) or #openkeychain on irc.freenode.net
## Backup/Restore
**Brief explanation:** While OpenKeychain contains an "export all keys" functionality, there is no easy way to backup/restore all keys, especially the secret keys. Implementing such backup functionality requires a careful evaluation of existing approaches, such as [Whiteout.io's key sync](https://blog.whiteout.io/2014/07/07/secure-pgp-key-sync-a-proposal/) and scenarios proposed on the [ModernCrypto Messaging mailinglist](https://moderncrypto.org/mail-archive/messaging). Also solutions integrated into TextSecure and Threema should be looked at. We could imagine a backup via IMAP (see [SMS Backup Plus](https://github.com/jberkel/sms-backup-plus)) with periodic reminders. But that is only one option. Google's cloud or proprietary solutions should be avoided. A related issue is the transfer of an initial GnuPG key to OpenKeychain. Could this also be done using IMAP or other exchange protocols protected by a Password Authenticated Key Exchange (PAKE, see Firefox Sync)?
**Expected results:** Backup/Restore functionality.
**Priority:** high
**Knowledge Prerequisite:** Java programming
**Skill level:** hard
**Mentor:** Dominik Schürmann
**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) or over XMPP (Jabber-ID: dominik@dominikschuermann.de)
## Passphrase alternatives
**Brief explanation:** The private key material in secret keys is usually encrypted with a string-to-key algorithm, that is, a passphrase. This passphrase has to be entered before each crypto operation can be performed. Even though caching is possible, typing passphrases on a smartphone can be quite the nuisance especially for common operations like sending a signed email or reading an encrypted one. Mobile devices have touch screens, nfc readers, and several other methods of input not available on desktop computers, which allow for alternative methods of passphrase input like lock patterns or NFC tags. Those concepts have advantages in convenience over passphrases, but also implications on security and require some careful thought to provide good UX with minimal loss of security.
@ -149,6 +133,22 @@ OpenKeychain supports elliptic curve cryptography, but only the ECDSA and ECDH a
**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) or #openkeychain on irc.freenode.net
## Backup/Restore
**Brief explanation:** While OpenKeychain contains an "export all keys" functionality, there is no easy way to backup/restore all keys, especially the secret keys. Implementing such backup functionality requires a careful evaluation of existing approaches, such as [Whiteout.io's key sync](https://blog.whiteout.io/2014/07/07/secure-pgp-key-sync-a-proposal/) and scenarios proposed on the [ModernCrypto Messaging mailinglist](https://moderncrypto.org/mail-archive/messaging). Also solutions integrated into TextSecure and Threema should be looked at. We could imagine a backup via IMAP (see [SMS Backup Plus](https://github.com/jberkel/sms-backup-plus)) with periodic reminders. But that is only one option. Google's cloud or proprietary solutions should be avoided. A related issue is the transfer of an initial GnuPG key to OpenKeychain. Could this also be done using IMAP or other exchange protocols protected by a Password Authenticated Key Exchange (PAKE, see Firefox Sync)?
**Expected results:** Backup/Restore functionality.
**Priority:** medium
**Knowledge Prerequisite:** Java programming
**Skill level:** hard
**Mentor:** Dominik Schürmann
**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) or over XMPP (Jabber-ID: dominik@dominikschuermann.de)
## File Decryption Screen
**Brief explanation:** Currently the file decryption screen in OpenKeychain only allows to decrypt one file at a time and only allows saving of decrypted files into the filesystem. While this is okay for simple scenarios. The decryption process could result in many files being decrypted. Either when multiple files are shared together using Android's [ACTION_SEND_MULTIPLE](http://developer.android.com/training/sharing/receive.html#handling-content) or when the OpenPGP data structure contains many parts. Thus, the screen should be extended for multiple files. A list of files should be displayed like done in the encryption screen that with the options save/open per file item. To get the right content type and decrypt the filename the new internal DECRYPT_METADATA functionality of OpenKeychain should be used. The real payload should be decrypted when save/open is clicked. Furthermore the recipient's key user id should be displayed inside the item.
A related problem are [hidden recipients](https://github.com/open-keychain/open-keychain/issues/626): The OpenPGP standard allows to prevent the disclosure for whom a file/message is encrypted for. This feature should be implemented in the encrypt screens as well as displayed per file item in the new decryption screen.