Contract 'Gpg4all' 2015

Goals

• Maintenance and development of Gpg4win: Adapt it to new versions of Windows and Outlook. Consider current cryptographic recommendations. Integrate GnuPG 'modern'. Clean up Kleopatra.
• Research: How can GpgOL do MIME? How can the existing implementation be made more secure?
• Research: How could GnuPG and email/file end-to-end security be brought to webbrowsers and android devices?

Workpackages

• WP1.1: GpgOL
  • Feasibility study: MIME support for MS Outlook
  • Feasibility study: Exchange support for MS Outlook
  • 64-bit version of GpgOL for MS Outlook 2010/2013/2016
  • Test plan
• WP1.2: Improve Kleopatra
  • Initial setup dialog
  • Initialization of OpenPGP smart cards
  • Associate file extensions with Kleopatra
  • Auto import of missing certificates
  • Easier setting of owner trust after import
  • Improvements in several certificate related function and dialogs, e.g.
    • Creation of revocation certificates
  • Update Kleopatra to Qt5 and KDE Frameworks 5, reduce KDE dependencies, add more languages for Kleopatra
  • Test plan
• WP1.3: Gpg4win: general improvements
  • Notification of available updates
  • Pinentry: show/hide passphrase in clear text
  • Revision of the compendium (German language version)
  • Update GnuPG to 'modern' (v>2.1). Allows e.g. ECC.
• WP1.4: Extended Quality assurance of Gpg4win
  • Estimation for an automated build and test environment for Gpg4win
  • Some additional automated tests
• WP2: Study about using OpenPGP in web browsers
  • Technical requirements
  • Analysis of available plugin/addon interfaces in Firefox and Chrome
  • Description of available plugins/addons implementations providing OpenPGP
  • Recommendations, including effort estimation and risk when improving an existing Free Software implementation or developing a new one.
• WP3: Study about using GnuPG on Android
  • Technical requirements
  • Analysis of Android. How to integrate a crypto "service" based on GnuPG?
  • Description of available Android implementations using OpenPGP
  • Recommendations, including effort estimation and risks when improving an existing Free Software implementation or developing a new one.

Timeline and Results

Scheduled contract time line: October 2015 - October 2017

Resulting software improvements or software designs will be developed within the upstream Free Software initiatives and thus be reflected in their roadmaps like Gpg4win/Roadmap.

Parts of the research will be done in public, using this wiki for instance. The full documents to complete the contract will be in German. It is planned (but not guaranteed) to publish them under a CC-BY-SA license.

Principal BSI

In 2015 the German Federal Office for Information Security (BSI) contracted Intevation and g10 Code for the 'Gpg4all' project. The public tender was published in April, work started in October.

Team

The German companies Intevation GmbH and g10 code GmbH are the main technical drivers behind Gpg4win and GnuPG. For the tasks at hand they have secured additional expertise and help by the following subcontractors:

• Thomas Oberndörfer (Mailvelope GmbH)
• Dominik Schürmann (TU Braunschweig, OpenKeychain)
• Vincent Breitmoser (OpenKeychain)
• Oskar Hahn
• KDAB (Deutschland) GmbH & Co. KG

Contact

Prefered: via the public channels of Gpg4win or GnuPG.

Alternatively send email to Emanuel (69A911FC) or Bernhard (EFF5D42A) from Intevation. Encryption appreciated. ;-)