GSoC/GCI Archive
Google Summer of Code 2015

OpenKeychain (OpenPGP for Android)

License: GNU General Public License version 3.0 (GPLv3)

Web Page: https://github.com/open-keychain/open-keychain/wiki/Google-Summer-of-Code-2015

Mailing List: http://groups.google.com/d/forum/openpgp-keychain-dev

OpenKeychain is an OpenPGP implementation for Android. Similar to what the well-known GnuPG software does on desktop systems, OpenKeychain primarily serves as a key management tool, but with a stronger focus on usability. Modern mobile devices allow new features like key exchange via QR or NFC, and support for secret keys stored on Yubikey devices.

On its own, OpenKeychain supports encryption, decryption, signature generation, and signature verification of files and text. In addition to stand-alone use, it comes with an API which makes crypto operations available for other apps. We are actively working together with K-9 Mail to bring secure email based on the OpenPGP standard to Android.

Projects

  • Enhancing Openkeychain Functionality I'd like to work on allowing the automatic sync of keys to servers, and adding support for revocation certificates. I believe these features go a long way in enhancing the security and functionality offered by Openkeychain to its users, besides establishing good practices with respect to key revocation and deletion.
  • Passphrase alternatives Data security has become an important subject due to the increasing number of user data breaches. In order to increase the security and entropy for cases where there is an attempt at gaining access to user data, this proposal has a few suggestions on how to increase the security of OpenKeychain by presenting a number of security methods that the user can choose to protect his data from unauthorized access.