[Tails-dev] Symmetric OpenPGP encryption and removing FireGP…

このメッセージを削除

このメッセージに返信
著者: intrigeri
日付:  
To: tails-dev
題目: [Tails-dev] Symmetric OpenPGP encryption and removing FireGPG - middle term, UI
Hi,

Tails 0.9 will have a custom version of FireGPG that was patched to
workaround the best we can (that is, probably partially) some security
issues it has. So the very short term is covered I think.

On the long run, we hope Seahorse gets support for symmetric
encryption, and we hope seahorse-plugins (that provides the panel
applet) is relived upstream. This probably won't happen unless someone
brings new energy into there. (For the record, Seahorse is written in
C, upstream already agrees about adding symmetric encryption support
=> only thing needed now is writing patches => tell your friends).

But I think the middle term needs a solution; I'm targeting anything
from Tails 0.10 to the first Wheezy -based version here. So I've
quickly drafted a GNOME applet that, when clicked, symmetrically
encrypts the content of the clipboard. It relies on a GnuPG agent
(e.g. Seahorse) to ask the passphrase (twice, in the case of
Seahorse). The ciphertext is put back into the clipboard. This can be
seen in the bugfix/remove_firegpg branch. Tests are welcome.

I'm fairly happy with the applet itself, but the resulting global
desktop UI seems overly complicated to me:
  - a launcher icon (Seahorse applet) offers to *decrypt* and/or
    *verify* the clipboard content
  - another applet in the notification bar (our new one) offers to
    symmetrically *encrypt* the clipboard content


So I wonder if we should not take over the Seahorse applet text
decryption and verification functionality, and consolidate all the
symmetric encryption toolkit into one single applet. I could take
a few more hours to feature-bloat my applet like so, and would be
happy to drop the whole thing into the trashcan once Seahorse has
improved. What do you think?

More?
-> https://tails.boum.org/todo/symmetric_OpenPGP_vs_recent_Iceweasel/

Cheers
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| So what?