GPG4LIBRE: OPENPGP SIGNING & ENCRYPTION IN LIBREOFFICE
LIBREOFFICE CONFERENCE ROME, OCTOBER 12TH, 2017
Thorsten.Behrens@cib.de
GPG4LIBRE - MOTIVATION
● we don't do enough crypto yet!
● put encryption and signing at user's finger tips
● use something that's
  – cheap
  – ubiquitous
  – peer to peer
  – stable, reliable, cross-platform, and comes with tons of features
ARCHITECTURE
[Architecture diagram; recoverable labels: IPC, gpgme, execve, Seahorse, ...]
SEQUENCE DIAGRAM
[Sequence diagram. Participants: LibreOffice process (soffice.bin); Kleopatra/GPA/Seahorse process (seahorse); GnuPG processes (gpg, gpg-agent). Labels: Start Certificate Manager; Manage trust levels, edit keys; gpgme_op_sign; gpgme_op_encrypt; ...]
UI IMPROVEMENTS
INTEGRATING ALL AVAILABLE KEYS
DEFER TO PLATFORM WHERE USEFUL
MARKUP: XML SIGNATURES
Based on: https://www.w3.org/TR/xmldsig-core/
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <Reference URI="styles.xml">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <DigestValue>h8x5UxEL9t9W8UfYEHeLme1JOqpke+H7AaGGFD8qzFY=</DigestValue>
      </Reference>
MARKUP: XML SIGNATURES
Actual OpenPGP-Signature:
  <SignatureValue>LS0tLS1CRUdJ...tLS0tCg==</SignatureValue>
  <KeyInfo>
    <PGPData>
      <PGPKeyID>OTA5QkUyNTc1Q0VEQkVBMw==</PGPKeyID>
      <PGPKeyPacket>LS0tLS1C...S0tCg==</PGPKeyPacket>
    </PGPData>
  </KeyInfo>
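
Added example (not from the slides or from LibreOffice's code): a field-level inspection of the signature markup above. The PGPKeyID on the slide is base64 of the hex key ID, and the SignatureValue prefix LS0tLS1CRUdJ decodes to "-----BEGI", i.e. ASCII-armored OpenPGP data wrapped in base64. The sample is abridged from the slide; the armor body, the "BEGIN PGP SIGNATURE" header and the function names are assumptions.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed stand-in for the elided SignatureValue; only the armor framing matters.
ARMOR = b"-----BEGIN PGP SIGNATURE-----\n\n(constructed)\n-----END PGP SIGNATURE-----\n"

SAMPLE = f"""<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
 <SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <Reference URI="styles.xml">
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>h8x5UxEL9t9W8UfYEHeLme1JOqpke+H7AaGGFD8qzFY=</DigestValue>
  </Reference>
 </SignedInfo>
 <SignatureValue>{base64.b64encode(ARMOR).decode()}</SignatureValue>
 <KeyInfo><PGPData><PGPKeyID>OTA5QkUyNTc1Q0VEQkVBMw==</PGPKeyID></PGPData></KeyInfo>
</Signature>"""

def b64(text):
    """Decode base64 element text, tolerating line wraps inside the element."""
    return base64.b64decode("".join(text.split()), validate=True)

def inspect_signature(xml_text):
    """Summarise a ds:Signature; this reads fields, it does not verify anything."""
    sig = ET.fromstring(xml_text)
    refs = {ref.get("URI"): (ref.find(DS + "DigestMethod").get("Algorithm"),
                             len(b64(ref.findtext(DS + "DigestValue"))))
            for ref in sig.iter(DS + "Reference")}
    return {
        "method": sig.find(f"{DS}SignedInfo/{DS}SignatureMethod").get("Algorithm"),
        "references": refs,
        "key_id": b64(sig.findtext(f"{DS}KeyInfo/{DS}PGPData/{DS}PGPKeyID")).decode("ascii"),
        "armored": b64(sig.findtext(DS + "SignatureValue")).startswith(b"-----BEGIN PGP "),
    }

def signer_hint_matches(summary, pinned_key_ids):
    """True if the advertised key ID is one we expect; a lookup hint, not proof."""
    return summary["armored"] and summary["key_id"].upper() in pinned_key_ids
```

The key ID in the markup is only a 64-bit lookup hint; whether the signature is valid and the signer trusted is decided by GnuPG against the local keyring.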
GPG4LIBRE - ENCRYPTION
ENCRYPTION ● extended save dialog
ENCRYPTION ● pick recipient
MARKUP: XML ENCRYPTION
Encryption based on: https://www.w3.org/TR/2002/REC-xmlenc-core-20021210
  <manifest:manifest xmlns:manifest="urn:oasis..." manifest:version="1.2"
                     xmlns:loext="urn:org:do...">
    <loext:KeyInfo>
      <loext:EncryptedKey>
        <loext:EncryptionMethod loext:Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
        <loext:KeyInfo>
          <loext:PGPData>
            <loext:PGPKeyID>QjE3...5NA==</loext:PGPKeyID>
            <loext:PGPKeyPacket>LS0tL...LS0K</loext:PGPKeyPacket>
          </loext:PGPData>
        </loext:KeyInfo>
        <loext:CipherData>
          <loext:CipherValue>FAm4B...aB8=</loext:CipherValue>
        </loext:CipherData>
      </loext:EncryptedKey>
    </loext:KeyInfo>
    <manifest:file-entry manifest:full-path="/" manifest:version="1.2"
                         manifest:media-type="application/vnd.oasis.opendocument.text"/>
MARKUP: XML ENCRYPTION
File entry (details might still change):
  <manifest:file-entry manifest:full-path="content.xml"
                       manifest:media-type="text/xml" manifest:size="15781">
    <manifest:encryption-data
        manifest:checksum-type="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k"
        manifest:checksum="bbpZzvw+pOu+BAMI0wsxn0BbsOn3P3oABCd9IGxKqyg=">
      <manifest:algorithm
          manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
          manifest:initialisation-vector="0jF3LtJHWJr/j9UvipYw0Q=="/>
    </manifest:encryption-data>
  </manifest:file-entry>
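
Added example (not from the slides or from LibreOffice's code): a consistency check over the manifest file entries shown above, reporting streams that carry no encryption-data and entries whose IV or checksum length does not fit the declared algorithm. The content.xml entry is the one from the slide; the styles.xml entry, the length tables and the function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
IV_BYTES = {"http://www.w3.org/2001/04/xmlenc#aes256-cbc": 16}   # AES block size
SUM_BYTES = {NS + "#sha256-1k": 32}                              # SHA-256 output

# content.xml entry as shown on the slide; the clear-text styles.xml entry is constructed.
SAMPLE = f"""<manifest:manifest xmlns:manifest="{NS}" manifest:version="1.2">
 <manifest:file-entry manifest:full-path="/" manifest:version="1.2"
   manifest:media-type="application/vnd.oasis.opendocument.text"/>
 <manifest:file-entry manifest:full-path="content.xml"
   manifest:media-type="text/xml" manifest:size="15781">
  <manifest:encryption-data manifest:checksum-type="{NS}#sha256-1k"
    manifest:checksum="bbpZzvw+pOu+BAMI0wsxn0BbsOn3P3oABCd9IGxKqyg=">
   <manifest:algorithm
     manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
     manifest:initialisation-vector="0jF3LtJHWJr/j9UvipYw0Q=="/>
  </manifest:encryption-data>
 </manifest:file-entry>
 <manifest:file-entry manifest:full-path="styles.xml" manifest:media-type="text/xml"/>
</manifest:manifest>"""

def q(name):
    return "{%s}%s" % (NS, name)    # elements and attributes are both namespaced

def audit_manifest(xml_text):
    """Map each stream's full-path to a list of problems (empty list = looks sane)."""
    report = {}
    for entry in ET.fromstring(xml_text).iter(q("file-entry")):
        path = entry.get(q("full-path"))
        if path.endswith("/"):                      # package root and directories
            continue
        enc = entry.find(q("encryption-data"))
        if enc is None:
            report[path] = ["stored in clear"]
            continue
        alg = enc.find(q("algorithm"))
        cipher, kind = alg.get(q("algorithm-name")), enc.get(q("checksum-type"))
        iv = base64.b64decode(alg.get(q("initialisation-vector")), validate=True)
        digest = base64.b64decode(enc.get(q("checksum")), validate=True)
        problems = []
        if len(iv) != IV_BYTES.get(cipher):
            problems.append(f"cipher/IV mismatch: {cipher}, {len(iv)} bytes")
        if len(digest) != SUM_BYTES.get(kind):
            problems.append(f"checksum does not fit {kind}")
        report[path] = problems
    return report
```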
GPG4LIBRE – WRAP-UP AND Q&A
ROADMAP
● ODF-conformant signing on Linux
  – ships with LibreOffice 5.4
● ODF-conformant signing also on Windows
  – planned for LibreOffice 6.0 (Feb. 2018)
  – also planned for OS X
  – open for Android
● experimental encryption on Linux & Windows
  – planned for LibreOffice 6.0 (Feb. 2018)
  – needs ODF extensions
● ODF-next
  – proposing XMLSEC-extensions for OpenPGP encryption to OASIS ODF TC
  – GA around 2018 or 2019
THANK YOU!
OUR PRODUCTS: HTTP://LIBREOFFICE.CIB.DE/
WE CAN HELP: HTTP://LIBREOFFICE.CIB.DE/SUPPORT