## page was renamed from gpg4all = Contract 'Gpg4all' 2015 October 2015 - July 2017 == Results Software improvement were directly made 'in upstream', so that [[https://wiki.gnupg.org/Gpg4win/Testversions|Gpg4win 3.0 release candidates]] included the Outlook-Plugin with ~OpenPGP/MIME and Exchange-support, the updated crypto engine GnuPG with elliptic curve cryptography and an improved crypto expert interface. The research about about ~OpenPGP crypto usage for web applications and Android was published August 2016 under a CC-BY-SA license directly by the [[https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2016|BSI]] (in German): * [[https://www.bsi.bund.de/DE/Publikationen/Studien/OpenPGP/openpgpandroid.html|Nutzung von OpenPGP auf Android]] * [[https://www.bsi.bund.de/DE/Publikationen/Studien/OpenPGPWebanwendungen/openpgpwebanwendungen.html|Nutzung von OpenPGP in Webanwendungen]] ** cited in [[https://posteo.de/blog/unsere-vorabinformation-zum-neuen-test-der-stiftung-warentest]] == Goals * Maintenance and development of Gpg4win: Adapt it to new versions of Windows and Outlook. Consider current cryptographic recommendations. Integrate GnuPG 'modern'. Clean up Kleopatra. * Research: How can GpgOL do MIME? How can the existing implementation be made more secure? * Research: How could GnuPG and email/file end-to-end security be brought to webbrowsers and android devices? == Workpackages * WP1.1: GpgOL ** Feasibility study: MIME support for MS Outlook ** Feasibility study: Exchange support for MS Outlook ** 64-bit version of GpgOL for MS Outlook 2010/2013/2016 ** Test plan * WP1.2: Improve Kleopatra ** Initial setup dialog ** Initialization of ~OpenPGP smart cards ** Associate file extensions with Kleopatra ** Auto import of missing certificates ** Easier setting of owner trust after import ** Improvements in several certificate related function and dialogs, e.g. *** Creation of revocation certificates ** Update Kleopatra to Qt5 and KDE Frameworks 5, reduce KDE dependencies, add more languages for Kleopatra ** Test plan * WP1.3: Gpg4win: general improvements ** Notification of available updates ** Pinentry: show/hide passphrase in clear text ** Revision of the compendium (German language version) ** Update GnuPG to 'modern' (v>2.1). Allows e.g. [[ECC]]. * WP1.4: Extended Quality assurance of Gpg4win ** Estimation for an automated build and test environment for Gpg4win ** Some additional automated tests * WP2: Study about using ~OpenPGP in web browsers ** Technical requirements ** Analysis of available plugin/addon interfaces in Firefox and Chrome ** Description of available plugins/addons implementations providing OpenPGP ** Recommendations, including effort estimation and risk when improving an existing Free Software implementation or developing a new one. * WP3: Study about using GnuPG on Android ** Technical requirements ** Analysis of Android. How to integrate a crypto "service" based on GnuPG? ** Description of available Android implementations using ~OpenPGP ** Recommendations, including effort estimation and risks when improving an existing Free Software implementation or developing a new one. == Principal BSI In 2015 the German Federal Office for Information Security ([[https://www.bsi.bund.de/EN|BSI]]) contracted [[https://intevation.de|Intevation]] and [[https://g10code.com|g10 Code]] for the 'Gpg4all' project. The [[http://lists.wald.intevation.org/pipermail/gpg4win-users-de/2015-April/000787.html|public tender]] was published in April, work started in October. == Team The German companies [[https://intevation.net/|Intevation GmbH]] and [[https://g10code.com|g10 code GmbH]] are the main technical drivers behind Gpg4win and GnuPG. For the tasks at hand they have secured additional expertise and help by the following subcontractors: * Thomas Oberndörfer ([[https://www.mailvelope.com/|Mailvelope GmbH]]) * Dominik Schürmann (TU Braunschweig, [[https://www.openkeychain.org/|OpenKeychain]]) * Vincent Breitmoser ([[https://www.openkeychain.org/|OpenKeychain]]) * Oskar Hahn * [[https://www.kdab.com/|KDAB (Deutschland) GmbH & Co. KG]] == Contact Prefered: via the public channels of [[https://gpg4win.org/community.html|Gpg4win]] or [[https://gnupg.org/documentation/mailing-lists.html|GnuPG]]. Alternatively send email to the project manager [[mailto:emanuel.schuetze@intevation.de|Emanuel]] (~69~A911FC) or his deputy [[mailto:bernhard.reiter@intevation.de|Bernhard]] ([[https://intevation.de/~bernhard/bernhard_gpgkey.asc|EFF5D42A]]) from Intevation. Encryption appreciated. ;-)