GPG4LIBRE: OPENPGP SIGNING & ENCRYPTION IN LIBREOFFICE
LIBREOFFICE CONFERENCE ROME, OCTOBER 12TH, 2017
Thorsten.Behrens@cib.de
GPG4LIBRE - MOTIVATION
- we don't do enough crypto yet!
- put encryption and signing at user's fingertips
- use something that's
  – cheap
  – ubiquitous
  – peer to peer
  – stable, reliable, cross-platform, and comes with tons of features
ARCHITECTURE
[Diagram. Labels: LibreOffice process (soffice.bin) with gpgme; IPC/execve; Kleopatra/GPA/Seahorse process (seahorse), reached via "Start Certificate Manager", used to manage trust levels and edit keys; gpgme_op_sign, gpgme_op_encrypt; GnuPG processes (gpg, gpg-agent).]
SEQUENCE DIAGRAM
UI IMPROVEMENTS
INTEGRATING ALL AVAILABLE KEYS
DEFER TO PLATFORM WHERE USEFUL
MARKUP: XML SIGNATURES
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <Reference URI="styles.xml">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <DigestValue>h8x5UxEL9t9W8UfYEHeLme1JOqpke+H7AaGGFD8qzFY=</DigestValue>
    </Reference>
Based on: https://www.w3.org/TR/xmldsig-core/
MARKUP: XML SIGNATURES
Actual OpenPGP-Signature:
<SignatureValue>LStLS1CRUdJ...tLStCg==</SignatureValue>
<KeyInfo>
  <PGPData>
    <PGPKeyID>OTA5QkUyNTc1QVEQkVBMw==</PGPKeyID>
    <PGPKeyPacket>LStLS1C...StCg==</PGPKeyPacket>
  </PGPData>
</KeyInfo>
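A reviewer's check over the signature markup shown on the two slides above, as an added example that is not from the talk or from LibreOffice's code: it lists which package members the signature covers, flags digest algorithms outside a policy, and reports members the signature does not cover. The digest policy, the `audit_signature` name, the sample document and the list of package members are assumptions made for illustration; the OpenPGP signature itself is not verified here.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Policy (assumption): accepted digest URIs and their digest length in bytes.
ALLOWED_DIGESTS = {
    "http://www.w3.org/2001/04/xmlenc#sha256": 32,
    "http://www.w3.org/2001/04/xmlenc#sha512": 64,
}

def _ref(uri, alg, size):
    # Build one constructed <Reference>; the digest is all zero bytes.
    value = base64.b64encode(bytes(size)).decode()
    return (f'<Reference URI="{uri}"><DigestMethod Algorithm="{alg}"/>'
            f"<DigestValue>{value}</DigestValue></Reference>")

# Constructed sample shaped like the slide's markup; every value is made up.
SAMPLE = (
    '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
    '<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
    + _ref("styles.xml", "http://www.w3.org/2001/04/xmlenc#sha256", 32)
    + _ref("content.xml", "http://www.w3.org/2000/09/xmldsig#sha1", 20)
    + "</SignedInfo><SignatureValue>AAAA</SignatureValue><KeyInfo><PGPData><PGPKeyID>"
    + base64.b64encode(bytes.fromhex("0123456789ABCDEF")).decode()
    + "</PGPKeyID></PGPData></KeyInfo></Signature>"
)

def audit_signature(xml_text, package_members):
    """Return (summary, findings) for one XML-DSig <Signature> element."""
    sig = ET.fromstring(xml_text)
    findings, signed = [], []
    for ref in sig.iter(DS + "Reference"):
        uri = ref.get("URI")
        alg = ref.find(DS + "DigestMethod").get("Algorithm")
        digest = base64.b64decode(ref.findtext(DS + "DigestValue"))
        signed.append(uri)
        if alg not in ALLOWED_DIGESTS:
            findings.append(f"{uri}: digest algorithm not allowed: {alg}")
        elif len(digest) != ALLOWED_DIGESTS[alg]:
            findings.append(f"{uri}: digest is {len(digest)} bytes")
    # Package members no Reference covers can change without breaking the signature.
    for member in sorted(set(package_members) - set(signed)):
        findings.append(f"{member}: not covered by the signature")
    key_id = sig.findtext(f"{DS}KeyInfo/{DS}PGPData/{DS}PGPKeyID")
    method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod").get("Algorithm")
    summary = {"method": method, "signed": signed,
               "pgp_key_id": base64.b64decode(key_id).hex()}
    return summary, findings
```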
GPG4LIBRE - ENCRYPTION
ENCRYPTION
- extended save dialog
ENCRYPTION
- pick recipient
MARKUP: XML ENCRYPTION
Encryption based on: https://www.w3.org/TR/2002/REC-xmlenc-core-20021210
<manifest:manifest xmlns:manifest="urn:oasis..." manifest:version="1.2" xmlns:loext="urn:org:do...">
  <loext:KeyInfo>
    <loext:EncryptedKey>
      <loext:EncryptionMethod loext:Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <loext:KeyInfo>
        <loext:PGPData>
          <loext:PGPKeyID>QjE3...5NA==</loext:PGPKeyID>
          <loext:PGPKeyPacket>LStL...LSK</loext:PGPKeyPacket>
        </loext:PGPData>
      </loext:KeyInfo>
      <loext:CipherData>
        <loext:CipherValue>FAm4B...aB8=</loext:CipherValue>
      </loext:CipherData>
    </loext:EncryptedKey>
  </loext:KeyInfo>
  <manifest:file-entry manifest:full-path="/" manifest:version="1.2" manifest:media-type="application/vnd.oasis.opendocument.text"/>
MARKUP: XML ENCRYPTION
File entry (details might still change):
<manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml" manifest:size="15781">
  <manifest:encryption-data manifest:checksum-type="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k" manifest:checksum="bbpZzvw+pOu+BAMIwsxnBbsOn3P3oABCd9IGxKqyg=">
    <manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc" manifest:initialisation-vector="jF3LtJHWJr/j9UvipYwQ=="/>
  </manifest:encryption-data>
</manifest:file-entry>
GPG4LIBRE – WRAP-UP AND Q&A
ROADMAP
- ODF-conformant signing on Linux
  – ships with LibreOffice 5.4
- ODF-conformant signing also on Windows
  – planned for LibreOffice 6.0 (Feb. 2018)
  – also planned for OS X – open for Android
- experimental encryption on Linux & Windows
  – planned for LibreOffice 6.0 (Feb. 2018)
  – needs ODF extensions
- ODF-next