|
Size: 4158
Comment: added revocation certificates
|
← Revision 9 as of 2017-09-15 08:07:28 ⇥
Size: 4712
Comment: Contacts: improves phrasing
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 3: | Line 3: |
| October 2015 - July 2017 == Results Software improvement were directly made 'in upstream', so that [[https://wiki.gnupg.org/Gpg4win/Testversions|Gpg4win 3.0 release candidates]] included the Outlook-Plugin with ~OpenPGP/MIME and Exchange-support, the updated crypto engine GnuPG with elliptic curve cryptography and an improved crypto expert interface. The research about about ~OpenPGP crypto usage for web applications and Android was published August 2016 under a CC-BY-SA license directly by the [[https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2016|BSI]] (in German): * [[https://www.bsi.bund.de/DE/Publikationen/Studien/OpenPGP/openpgpandroid.html|Nutzung von OpenPGP auf Android]] * [[https://www.bsi.bund.de/DE/Publikationen/Studien/OpenPGPWebanwendungen/openpgpwebanwendungen.html|Nutzung von OpenPGP in Webanwendungen]] ** cited in [[https://posteo.de/blog/unsere-vorabinformation-zum-neuen-test-der-stiftung-warentest]] |
|
| Line 15: | Line 33: |
| Line 25: | Line 42: |
| ** Initialization of OpenPGP smart cards | ** Initialization of ~OpenPGP smart cards |
| Line 41: | Line 58: |
| * WP2: Study about using OpenPGP in web browsers | * WP2: Study about using ~OpenPGP in web browsers |
| Line 50: | Line 67: |
| ** Description of available Android implementations using OpenPGP | ** Description of available Android implementations using ~OpenPGP |
| Line 53: | Line 70: |
== Timeline and Results Scheduled contract time line: October 2015 - October 2017 Resulting software improvements or software designs will be developed within the upstream Free Software initiatives and thus be reflected in their roadmaps like [[Gpg4win/Roadmap]]. Parts of the research will be done in public, using this wiki for instance. The full documents to complete the contract will be in German. It is planned (but not guaranteed) to publish them under a CC-BY-SA license. |
|
| Line 77: | Line 82: |
| The German companies Intevation GmbH and g10 code GmbH are the main technical drivers behind Gpg4win and GnuPG. For the tasks at hand they have secured |
The German companies [[https://intevation.net/|Intevation GmbH]] and [[https://g10code.com|g10 code GmbH]] are the main technical drivers behind Gpg4win and GnuPG. For the tasks at hand they have secured |
| Line 93: | Line 98: |
| Alternatively send email to | Alternatively send email to the project manager |
| Line 95: | Line 101: |
| or | or his deputy |
| Line 97: | Line 103: |
| ([[http://intevation.de/~bernhard/bernhard_gpgkey.asc|EFF5D42A]]) | ([[https://intevation.de/~bernhard/bernhard_gpgkey.asc|EFF5D42A]]) |
Contract 'Gpg4all' 2015
October 2015 - July 2017
Results
Software improvement were directly made 'in upstream', so that Gpg4win 3.0 release candidates included the Outlook-Plugin with OpenPGP/MIME and Exchange-support, the updated crypto engine GnuPG with elliptic curve cryptography and an improved crypto expert interface.
The research about about OpenPGP crypto usage for web applications and Android was published August 2016 under a CC-BY-SA license directly by the BSI (in German):
Goals
- Maintenance and development of Gpg4win: Adapt it to new versions of Windows and Outlook. Consider current cryptographic recommendations. Integrate GnuPG 'modern'. Clean up Kleopatra.
- Research: How can GpgOL do MIME? How can the existing implementation be made more secure?
- Research: How could GnuPG and email/file end-to-end security be brought to webbrowsers and android devices?
Workpackages
- WP1.1: GpgOL
- WP1.2: Improve Kleopatra
- Initial setup dialog
- Initialization of OpenPGP smart cards
- Associate file extensions with Kleopatra
- Auto import of missing certificates
- Easier setting of owner trust after import
- Improvements in several certificate related function and dialogs, e.g.
- Creation of revocation certificates
- Update Kleopatra to Qt5 and KDE Frameworks 5, reduce KDE dependencies, add more languages for Kleopatra
- Test plan
- WP1.3: Gpg4win: general improvements
- WP1.4: Extended Quality assurance of Gpg4win
- Estimation for an automated build and test environment for Gpg4win
- Some additional automated tests
- WP2: Study about using OpenPGP in web browsers
- Technical requirements
- Analysis of available plugin/addon interfaces in Firefox and Chrome
- Description of available plugins/addons implementations providing OpenPGP
- Recommendations, including effort estimation and risk when improving an existing Free Software implementation or developing a new one.
- WP3: Study about using GnuPG on Android
- Technical requirements
- Analysis of Android. How to integrate a crypto "service" based on GnuPG?
- Description of available Android implementations using OpenPGP
- Recommendations, including effort estimation and risks when improving an existing Free Software implementation or developing a new one.
Principal BSI
In 2015 the German Federal Office for Information Security (BSI) contracted Intevation and g10 Code for the 'Gpg4all' project. The public tender was published in April, work started in October.
Team
The German companies Intevation GmbH and g10 code GmbH are the main technical drivers behind Gpg4win and GnuPG. For the tasks at hand they have secured additional expertise and help by the following subcontractors:
- Thomas Oberndörfer (Mailvelope GmbH)
- Dominik Schürmann (TU Braunschweig, OpenKeychain)
- Vincent Breitmoser (OpenKeychain)
- Oskar Hahn
- KDAB (Deutschland) GmbH & Co. KG
Contact
Prefered: via the public channels of Gpg4win or GnuPG.
Alternatively send email to the project manager Emanuel (69A911FC) or his deputy Bernhard (EFF5D42A) from Intevation. Encryption appreciated. ;-)