GSOC 2015 Ideas
This is the CAcert Google Summer of Code page for 2015.
CAcert was not chosen for this year's event.
To learn more about this year's event, see the Google Summer of Code 2015 page.
If you are interested in participating in the 2015 GSOC as a student and want to do something related to CAcert, please feel free to contact our GSoC administrator Benny Baumann (benbe at cacert dot org).
Timeline
The timeline for GSoC for 2015 has now been posted here.
Ideas
After over 10 years of running and maintaining CAcert's existing software, the software team decided to rewrite it, because maintaining the grown source code had become a tough challenge.
In the course of the rewriting of the software the following two projects have been proposed for the Google Summer of Code 2015.
Rewrite OpenPGP functionality
Project Description
Integrate functionality into our new software (Gigi) to accept, verify and store a member's OpenPGP key for signing with CAcert's PGP key.
Then enable the signing system (Cassiopeia) to verify and sign the member's key.
Expected results
proof of concept to final version
It's Good To Know
- Coding in Java and/or C++.
- What is Public Key Cryptography, why do we need to sign keys.
- How to read Standards e.g. RFCs
Difficulty level
medium to advanced
Proposed Project Mentor: Benny Baumann
Multi Factor Authentication and Authorisation for the new software (Gigi)
Project Description
Allow members to configure different authentication mechanisms for their account in our new software (Gigi).
A member should be free to choose to enable/disable password authentication, token based authentication, authentication with client certificate and other means at will.
Therefore the current permission model needs to be extended to enable different permissions based on the authentication mechanism used for a session. This may include having a client certificate for administrative tasks, having an OTP token to issue new personal certificates, usage of mail tokens when managing one's own account without a client certificate, or other options the user may wish for.
Expected results
Proof of Concept (PoC) to prototype
It's Good To Know
- Coding in Java
- Java HTTP Servlets, especially with Jetty
- Session Management, Authentication and Authorisation Models
- Pentesting
Difficulty level
medium to expert
Proposed Project Mentor: Felix Dörre
UI Improvements
Project Description
Implementation of various visual improvements that help the user validate inputs and lead them through various processes (input pre-validation, step-by-step instructions).
Expected results
Prototype to final version
It's Good To Know
- Accessibility
- JavaScript, jQuery, jQueryUI
- HTML 5
- CSS 3, LESS
Difficulty level
Beginner to Medium
Proposed Project Mentor: Benny Baumann, Felix Dörre
Add additional checks to weak key check for ECDSA keys
Project Description
This project aims to implement additional checks to our weak key check in order to allow auditing of ECDSA keys when signing certificates.
- Required tests
  - Well-known curve
  - Proper curve parameters
  - Proper parameter encoding (no explicit curve allowed)
  - Proper public key parameters (specified point is on curve)
- Optional tests
  - Blacklist for known compromised keys (optional at first)
- Files affected:
  - include/notary???
- Additional specs:
  - Known parameters for curves in separate directory for easy extension
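The required tests above, sketched on a DER-encoded SubjectPublicKeyInfo. This is an added example, not CAcert code, and it is written in Python rather than the project's PHP; the function names, the rejection strings and the single-entry curve table are assumptions made for the illustration.

```python
# Added illustration, not CAcert code. Only P-256 is listed as a known curve.
CURVES = {"2a8648ce3d030107": {  # OID 1.2.840.10045.3.1.7 (prime256v1 / P-256)
    "p": 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff,
    "a": -3,
    "b": 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
}}
EC_PUBLIC_KEY = "2a8648ce3d0201"  # OID 1.2.840.10045.2.1 (id-ecPublicKey)
# Constructed sample: P-256 SubjectPublicKeyInfo whose point is the base point G.
G = bytes.fromhex("046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
                  "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")
SAMPLE = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200") + G

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def check_ec_spki(spki):
    """Return "ok" or the reason a DER SubjectPublicKeyInfo is rejected."""
    try:
        tag, body, _ = read_tlv(spki, 0)
        atag, alg, pos = read_tlv(body, 0)
        ktag, key, _ = read_tlv(body, pos)
        otag, oid, pos = read_tlv(alg, 0)
        ptag, params, _ = read_tlv(alg, pos)
    except (ValueError, IndexError):
        return "malformed"
    if (tag, atag, ktag, otag) != (0x30, 0x30, 0x03, 0x06) or oid.hex() != EC_PUBLIC_KEY:
        return "not an EC key"
    if ptag != 0x06:  # a SEQUENCE here is explicit ECParameters, NULL is implicitCurve
        return "curve not given by name"
    curve = CURVES.get(params.hex())
    if curve is None:
        return "unknown curve"
    p, size = curve["p"], (curve["p"].bit_length() + 7) // 8
    # BIT STRING value: unused-bits octet 0x00, then 0x04 || X || Y (uncompressed)
    if len(key) != 2 + 2 * size or key[0] != 0 or key[1] != 0x04:
        return "unsupported point encoding"
    x, y = int.from_bytes(key[2:2 + size], "big"), int.from_bytes(key[2 + size:], "big")
    if x >= p or y >= p or (y * y - (x * x * x + curve["a"] * x + curve["b"])) % p:
        return "point not on curve"
    return "ok"
```

The sample point G corresponds to the private key 1, so it only exercises the structural checks. A key like that is the kind of entry the optional blacklist would hold.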
Expected results
Final version that can be deployed on production system
It's Good To Know
- Coding in PHP 5.4
- Cryptographic background in Public Key Crypto
- Special knowledge in ECC advantageous
- How to read Standards e.g. RFCs
Difficulty level
medium
Proposed Project Mentor: Benny Baumann
Contact: Benny Baumann
Tips for students
Our mentors:
Benny Baumann works as a software developer in the field of software hardening. He is one of the Software Assessors for CAcert and leads the software development and maintenance.
Felix Dörre is a student in the Computer Science department at KIT in Karlsruhe, Germany. He is one of the core developers of CAcert's new software while helping to maintain the current source code.