Workplan for Year 2¶
Develop and deploy “portable shared security tokens” (PSST), which improve the means for storing and syncing sensitive data (particularly keys) between mobile devices, servers, and desktops.
Guardian’s first year of work on PSST resulted in the porting of full OpenPGP implementation to Android; successful cryptographic key conversion (OTR) library and sync capabilities; virtual, portable encrypted file system for mobile and desktop environments (IOCipher);
and has neared completion of secure desktop-mobile or mobile-mobile secure sync (IOCipherServer, or “SpotSync”). Guardian’s work in the second year will include the following:
- Expand the reach of and simplify the entire chain of tools, linking the tools into a two-way automated sequence that allows key conversion, secure syncing, and secure storage.
- Continue mobile OpenPGP implementation including
- Produce a user application to enable key management,encryption/decryption/signing
- Create a development Library / API for 3rd party app integration
- Provide mobile training and support with existing desktop GPG/PGP users
- Continue development of SpotSync secure server (and IOCipher file system) on mobile and desktop.
- Integrate support for GPG and OTR key syncing
- Integrate management of IOCipher virtual disk stores
- Support syncing via Tor Hidden Services
- Support syncing via Commotion Mesh
- Coordinate with ODK, Martus, other “mobile forms” projects to ensure the secure storage and sync mechanism can work with their designs
Development Focus¶
First Quarter Priorities¶
These are in rough order of importance:
- GnuPG-for-Android: developing a fully functional framework for application developer's to use, with central passphrase handling and basic key management interface
- IOCipher: releasing a stable version for basic common use cases
- OTRFileConverter: releasing a stable version that handles file conversion for basic common use cases
- CleanRoom GUI: design a simple GUI for keysigning and subkey revoking/regenerating
Second Quarter Priorities¶
These are in rough order of importance:
- GnuPG-for-Android: development of user and application interfaces to achieve feature parity with the current APG library
- IOCipher: integration layers to ease development with standard Android APIs
- OTR File Converter: implement key syncing to Gibberbot
- SpotSync: Refine design and develop an initial alpha release
- Testing: beta testing (IOCipher and GnuPG-for-Android library)
- CleanRoom GUI: refine and continue to develop the GUI for key management
- CleanRoom Distro: first pass at integrating with Tails for offline secure key management
Third Quarter Priorities¶
These are in rough order of importance:
- GnuPG-for-Android: integrate new GnuPG libraries into existing apps (e.g., K9)
- IOCipher: another stable release with Android integration layers
- OTR File Converter: implement key syncing to other desktop applications (Pidgin, Adium, etc)
- Testing: continued testing (IOCipher and GnuPG-for-Android library)
- CleanRoom GUI: alpha release of a key management GUI
- CleanRoom Distro: alpha release of a secure key management distro
Brainstorming Specific Tasks¶
- otrfileconverter syncing
- PC -> mobile
- PC -> PC
- GnuPG-for-Android replacing APG for K-9
- otrfileconverter any-to-any conversion
- secure network transmission between computer and gibberbot
- export gpg subkeys for OTR, GPG, SSH, HTTPS, etc.
- import gpg subkeys for above
- develop PGP schema for storing+chaining keys under a master key
- GnuPG for Android UI for all required tasks (key mgmt, password prompting, etc.)
- try AllJoyn proof-of-concept for syncing
- IP+fingerprint QR Code swap for finding the other side of sync (laptop or phone)
- cleanroom signing interface
- cleanroom key revokation and regeneration interface
- improve UI representation of OTR states (no crypto, encrypted, verified, smp, etc.) for: pidgin, adium, jitsi, gajim, etc.
- smooth K-9 GPG experience