Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crypto? been there, done that

Crypto? been there, done that

Mobile Warsaw 2015. ObjectivePGP, CryptoSwift

Marcin Krzyzanowski

May 25, 2015

More Decks by Marcin Krzyzanowski

Other Decks in Programming


  1. “I didn’t really know what PGP was,” he admits. “I

    had no idea how to install it or how to use it.” It seemed time- consuming and complicated. (RollingStone) Glenn Greenwald
  2. PGP After this article appeared, Werner Koch informed us that

    last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Koch’s project.
  3. “PGP 2.6.x - This version of PGP has many variants,

    hence the term PGP 2.6.x. It used only RSA, MD5, and IDEA for its cryptographic transforms.” OpenPGP
  4. “PGP 5.x - This version of PGP is formerly known

    as "PGP 3" in the community and also in the predecessor of this document, RFC 1991. It has new formats and corrects a number of problems in the PGP 2.6.x design.” OpenPGP
  5. “GnuPG is an OpenPGP implementation that avoids all encumbered algorithms.

    Consequently, early versions of GnuPG did not include RSA public keys. GnuPG may or may not have (depending on version) support for IDEA or other encumbered algorithms.” OpenPGP
  6. • 17 packets (keys, subkeys, signatures, subsignatures, data packets) •

    12 variants of Signature packet • 7 variants of Key packet • 9 types of messages • versioned packet: version 3, version 4 OpenPGP
  7. ObjectivePGP •GPGME by GnuPG • licence issue •NetPGP by NetBSD

    • not maintained, crashing. •UNNetPGP (wrapper) •NetPGP based PGP library for iOS
  8. •Maintaining •A lof of people ask for sources •Not really

    interested in contribution •because it’s hard •nobody have budget for components ObjectivePGP
  9. There must me easier way. Privacy app is attempt to

    make PGP as easy as possible. privacyapp.io
  10. •maintaining •fundamental questions are fine •code in PHP is fine

    •misusing AES is bad, but asking is fine •nobody really contribute back because everybody think it is too hard CryptoSwift