## page was renamed from gpg4all
= Contract 'Gpg4all' 2015

== Goals

* Maintenance and development of Gpg4win: 
  Adapt it to new versions of Windows and Outlook. 
  Consider current cryptographic recommendations. 
  Integrate GnuPG 'modern'. Clean up Kleopatra.
* Research: How can GpgOL do MIME? 
  How can the existing implementation be made more secure?
* Research: How could GnuPG and email/file end-to-end security be brought
  to webbrowsers and android devices?

== Timeline and Results
Scheduled contract time line: October 2015 - October 2017

Resulting software improvements or software designs 
will be developed within the upstream Free Software initiatives
and thus be reflected in their roadmaps like [[Gpg4win/Roadmap]].

Parts of the research will be done in public, using this wiki for instance.
The full documents to complete the contract will be in German. 
It is planned (but not guaranteed) to publish them under a CC-BY-SA
license.

During FrOSCon (August 2016) the 
[[https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2016|BSI published]] 
the following studies (in German):
* [[https://www.bsi.bund.de/DE/Publikationen/Studien/OpenPGP/openpgpandroid.html|Nutzung von OpenPGP auf Android]]
* [[https://www.bsi.bund.de/DE/Publikationen/Studien/OpenPGPWebanwendungen/openpgpwebanwendungen.html|Nutzung von OpenPGP in Webanwendungen]]
** cited in [[https://posteo.de/blog/unsere-vorabinformation-zum-neuen-test-der-stiftung-warentest]]

== Workpackages

* WP1.1: GpgOL
** Feasibility study: MIME support for MS Outlook
** Feasibility study: Exchange support for MS Outlook
** 64-bit version of GpgOL for MS Outlook 2010/2013/2016
** Test plan 
* WP1.2: Improve Kleopatra
** Initial setup dialog
** Initialization of OpenPGP smart cards
** Associate file extensions with Kleopatra
** Auto import of missing certificates
** Easier setting of owner trust after import
** Improvements in several certificate related function and dialogs, e.g.
*** Creation of revocation certificates
** Update Kleopatra to Qt5 and KDE Frameworks 5, reduce KDE dependencies, add more languages for Kleopatra
** Test plan
* WP1.3: Gpg4win: general improvements
** Notification of available updates
** Pinentry: show/hide passphrase in clear text
** Revision of the compendium (German language version)
** Update GnuPG to 'modern' (v>2.1). Allows e.g. [[ECC]].
* WP1.4: Extended Quality assurance of Gpg4win
** Estimation for an automated build and test environment for Gpg4win
** Some additional automated tests
* WP2: Study about using OpenPGP in web browsers
** Technical requirements
** Analysis of available plugin/addon interfaces in Firefox and Chrome
** Description of available plugins/addons implementations providing OpenPGP
** Recommendations, including effort estimation and risk when
   improving an existing Free Software implementation or developing a new one.
* WP3: Study about using GnuPG on Android
** Technical requirements
** Analysis of Android. How to integrate a crypto "service" based on GnuPG?
** Description of available Android implementations using OpenPGP
** Recommendations, including effort estimation and risks when
   improving an existing Free Software implementation or developing a new one.


== Principal BSI

In 2015 the German Federal Office for Information Security 
([[https://www.bsi.bund.de/EN|BSI]]) contracted 
[[https://intevation.de|Intevation]] and
[[https://g10code.com|g10 Code]] for the 'Gpg4all' project.
The [[http://lists.wald.intevation.org/pipermail/gpg4win-users-de/2015-April/000787.html|public tender]]
was published in April, work started in October.

== Team
The German companies Intevation GmbH and g10 code GmbH are the main technical
drivers behind Gpg4win and GnuPG. For the tasks at hand they have secured
additional expertise and help by the following subcontractors:

* Thomas Oberndörfer ([[https://www.mailvelope.com/|Mailvelope GmbH]])
* Dominik Schürmann (TU Braunschweig, [[https://www.openkeychain.org/|OpenKeychain]])
* Vincent Breitmoser ([[https://www.openkeychain.org/|OpenKeychain]])
* Oskar Hahn 
* [[https://www.kdab.com/|KDAB (Deutschland) GmbH & Co. KG]]


== Contact
Prefered: via the public channels of
[[https://gpg4win.org/community.html|Gpg4win]] or
[[https://gnupg.org/documentation/mailing-lists.html|GnuPG]].

Alternatively send email to 
[[mailto:emanuel.schuetze@intevation.de|Emanuel]] (~69~A911FC)
or 
[[mailto:bernhard.reiter@intevation.de|Bernhard]] 
([[http://intevation.de/~bernhard/bernhard_gpgkey.asc|EFF5D42A]])
from Intevation. Encryption appreciated. ;-)