Mirrors
/
open-keychain
mirror of https://github.com/open-keychain/open-keychain.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated Google Summer of Code 2015 (markdown)

Dominik Schürmann 2015-03-03 17:56:48 +01:00
parent 3cfbb7e50b
commit 94d7e70bcb
1 changed files with 0 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Google-Summer-of-Code-2015.md

@ -155,19 +155,6 @@ One proposed solution from [CommonsWare's Blog](http://commonsware.com/blog/2014
**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) or over XMPP (Jabber-ID: dominik@dominikschuermann.de)
## Improved Yubikey support
**Brief explanation:** OpenKeychain has support for secret keys stored on a [Yubikey](https://www.yubico.com/products/yubikey-hardware/yubikey-neo/) for most crypto operations. However, there is no support currently for generating a new secret key on the Yubikey, associating a public key with the secret key material stored on the Yubikey, or exporting a secret key to a Yubikey. All of these operations require a [fairly difficult](https://www.yubico.com/2012/12/yubikey-neo-openpgp/) workflow on the command line using GnuPG and subsequent import of a stub secret key. Furthermore, there is no support for certification operations, which means that secret keys of this type can not be used to certify other keys, or edit/revoke its user ids and subkeys. Ideally, a user should be able to use his Yubikey without limitations using only OpenKeychain.
**Expected results:** Full support for certification operations, secret key import and export to and from a Yubikey.
**Knowledge Prerequisite:** Java programming
**Skill level:** medium
**Mentor:** Vincent Breitmoser
**Contact:** [Mailinglist](http://groups.google.com/d/forum/openpgp-keychain-dev) or #openkeychain on irc.freenode.net
## Passphrase alternatives
**Brief explanation:** The private key material in secret keys is usually encrypted with a string-to-key algorithm, that is, a passphrase. This passphrase has to be entered before each crypto operation can be performed. Even though caching is possible, typing passphrases on a smartphone can be quite the nuisance especially for common operations like sending a signed email or reading an encrypted one. Mobile devices have touch screens, nfc readers, and several other methods of input not available on desktop computers, which allow for alternative methods of passphrase input like lock patterns or NFC tags. Those concepts have advantages in convenience over passphrases, but also implications on security and require some careful thought to provide good UX with minimal loss of security.