[GSOC] Public Key Cryptography
71 views
Skip to first unread message
Sean McGregor
Apr 13, 2013, 2:05:09 AM4/13/13
to pri...@googlegroups.com
Hello All,
I am loving the eagerness on IRC to work on the crypto "ideas" for the
Summer of Code. These are both challenging and rewarding projects to
tackle. A particularly challenging project that people have been
asking about is implementing PGP as an Injectable Application. This
idea states that skills needed are "Experience with C, JavaScript, and
browser extensions."
Very few students will have all the requisite experience for PGP on
Privly, and completing all the functionality during a summer is
unrealistic without that experience. Developing public key crypto,
even when it uses an existing library, is tricky. Mishandling private
keys has an extremely high cost.
If you have JavaScript experience and want to work on Crypto, I
recommend working on porting OTR to a Privly injectable application
instead.
If you want to tackle the PGP implementation, you *must* break it into
clear, manageable steps. I recommend you approach it from one of the
following directions:
a) "Bottom up," (JavaScript focus) Start with the PGP Injectable
Application, and posting application [1].
Develop the user interface into PGP, starting with injectable
application, then the posting application, then move onto the more
difficult meta steps of managing other users' public keys.
b) "Top Down," (C++ focus) Start with the Google Native Client library
Google Native Client (NaCl) is a double-sandboxed environment for
compiled code running within browser extensions. This means the
compiled library is protected from the browser, and the computer is
protected from the compiled library.
The NaCl branch [2] of the Chrome extension includes a message
interface from NaCl to the extension's code, but the compiled code
only has a few testing functions and integration with a prototyping
crypto library (libTomCrypt).
Start with writing a c++ wrapper for the library's public key
encryption, decryption, verification, and signing. Do not implement
key management (yet). Focus on the API that will be used by the PGP
injectable application which assumes the presence of the user's
private key, and other users' public keys.
From there, we will solve the issues inherent in protecting user
private keys in the compiled library when its interface is the
browser.
___
These tips don't form a complete implementation plan, but they form a
starting point for you to expand upon.
Feel free to discuss on the list or on IRC.
Best,
Sean
[1] A posting application is the application that generates a new
Privly-type link.
[2] https://github.com/privly/privly-chrome/tree/nacl
--
Sean McGregor
Oregon State University, Department of Computer Science
Twitter: seanmcgregor
irc.freenode.net: smcgregor
I am loving the eagerness on IRC to work on the crypto "ideas" for the
Summer of Code. These are both challenging and rewarding projects to
tackle. A particularly challenging project that people have been
asking about is implementing PGP as an Injectable Application. This
idea states that skills needed are "Experience with C, JavaScript, and
browser extensions."
Very few students will have all the requisite experience for PGP on
Privly, and completing all the functionality during a summer is
unrealistic without that experience. Developing public key crypto,
even when it uses an existing library, is tricky. Mishandling private
keys has an extremely high cost.
If you have JavaScript experience and want to work on Crypto, I
recommend working on porting OTR to a Privly injectable application
instead.
If you want to tackle the PGP implementation, you *must* break it into
clear, manageable steps. I recommend you approach it from one of the
following directions:
a) "Bottom up," (JavaScript focus) Start with the PGP Injectable
Application, and posting application [1].
Develop the user interface into PGP, starting with injectable
application, then the posting application, then move onto the more
difficult meta steps of managing other users' public keys.
b) "Top Down," (C++ focus) Start with the Google Native Client library
Google Native Client (NaCl) is a double-sandboxed environment for
compiled code running within browser extensions. This means the
compiled library is protected from the browser, and the computer is
protected from the compiled library.
The NaCl branch [2] of the Chrome extension includes a message
interface from NaCl to the extension's code, but the compiled code
only has a few testing functions and integration with a prototyping
crypto library (libTomCrypt).
Start with writing a c++ wrapper for the library's public key
encryption, decryption, verification, and signing. Do not implement
key management (yet). Focus on the API that will be used by the PGP
injectable application which assumes the presence of the user's
private key, and other users' public keys.
From there, we will solve the issues inherent in protecting user
private keys in the compiled library when its interface is the
browser.
___
These tips don't form a complete implementation plan, but they form a
starting point for you to expand upon.
Feel free to discuss on the list or on IRC.
Best,
Sean
[1] A posting application is the application that generates a new
Privly-type link.
[2] https://github.com/privly/privly-chrome/tree/nacl
--
Sean McGregor
Oregon State University, Department of Computer Science
Twitter: seanmcgregor
irc.freenode.net: smcgregor
Gurutharshan Nadarajah
Apr 26, 2013, 1:59:28 AM4/26/13
to pri...@googlegroups.com
Hi,
I'm Gurutharshan Nadarajah, Final year from University of Moratuwa. I would like to work on OTR project caz of i had experience on JavaScript technologies during my internship period at OrangerHRM and learnt about Cryptography during my CS & Eng degree program.
I'm reading background study about OTR and your application.
suggest me to get more info and get into work with you...:)
Sean McGregor
Apr 26, 2013, 8:26:58 PM4/26/13
to pri...@googlegroups.com
Gurutharshan,
To be eligible for the our GSoC program you must first have one of
your pull requests approved. If you contact me on IRC I can work with
you to find a bug to work on. I will try to find a bug that will help
you understand the system better, which will help you write the GSoC
application.
-Sean
> --
> You received this message because you are subscribed to the Privly
> development mailing list. To post to this list, send email to
> pri...@googlegroups.com. To unsubscribe from this group, send email to
> privly+un...@googlegroups.com. For more options, visit this group at
> https://groups.google.com/d/forum/privly?hl=en
>
> Privly testers should also sign up for this list:
> https://groups.google.com/forum/#!forum/privly-test
> ---
> You received this message because you are subscribed to the Google Groups
> "privly" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to privly+un...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
To be eligible for the our GSoC program you must first have one of
your pull requests approved. If you contact me on IRC I can work with
you to find a bug to work on. I will try to find a bug that will help
you understand the system better, which will help you write the GSoC
application.
-Sean
> You received this message because you are subscribed to the Privly
> development mailing list. To post to this list, send email to
> pri...@googlegroups.com. To unsubscribe from this group, send email to
> privly+un...@googlegroups.com. For more options, visit this group at
> https://groups.google.com/d/forum/privly?hl=en
>
> Privly testers should also sign up for this list:
> https://groups.google.com/forum/#!forum/privly-test
> ---
> You received this message because you are subscribed to the Google Groups
> "privly" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to privly+un...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
Reply all
Reply to author
Forward
0 new messages