Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

[DSP] What and why?

$
0
0

The contest (DSP a.k.a. “Get Noticed”) has started three days ago, so it’s probably a good time to jump in and present the project I intend to push through it. I also want to say a few words about my motivation.

I had plenty of ideas to choose from, but I decided to select the one that can potentially be most useful after being complete (partially or fully). Other choices included more entertainment-related things. At one point I was already almost sure that I will proceed with a choose-your-own-adventure engine written in ClojureScript. I even had a name! But finally decided to change.

So, say hello to project Bletchley.

The “What”

Bletchley is supposed to be a desktop application (I haven’t written one since university times) working on all major platforms. It will let “ordinary people” use public key based encryption to send (and receive) encrypted files to their contacts. My main goal with it is to raise awareness of some privacy-slash-security issues with everyday messaging we do.

I was quite surprised that apparently there isn’t such any solution available yet, at least not one concentrating on ease of use and not needing to know technical details.

The “Why”

Privacy is important. We all know that, giving away parts of it every day. But the concept for this piece of software came from real-world need I encounter from time to time.

Since I change addresses quite frequently, I don’t usually report my current address to number of institutions, Instead, I use my parents’ address, which is also my official permanent residence location. As a result, sometimes (especially at the beginning of the year) they receive a number of documents that are supposed to go to me. Usually they scan it and send me by email. And here’s the problem.

I don’t necessarily want my financial or tax data to flow through the internet. Of course, I’m not accusing Google, which we all use, of leaking data. But bear in mind that if any mail box is hacked, leaked or exposed e.g. with a stolen laptop - someone might gain access to those attachments without any problem. It means that even though you might be cautious as f**k, it might not matter.

And trying to teach my parents to use console-based encryption tools that are available… Let’s say it won’t work. So I would like to create a tool that can possibly solve it.

The name

Bletchley Park was a centre of British code cracking during World War II. It is where Enigma was cracked, not only by Alan Turing, but with help of crucial work done by Polish cryptologists: Rejewski, Róycki and Zygalski. It’s not the greatest name of there, but I couldn’t come up with anything better on such short notice.

Functional requirements

To cut the crap, here are some functional requirements for my application:

Adding existing private keys Generating key pairs (only secure algorithms) Encrypting files with arbitrary keys (added to application or not) Storing a “Contact list” - name + public key + (probably) email Decrypting files with private keys added to application

And some bonus ones:

Sending email with encrypted attachment to people from contact list Batch sending - for every entry in the list, a file will be encrypted with appropriate key and sent to their email

Also, apart from the application, I want to create a website underlining importance of security and privacy, including tutorial on how to use the application etc. I should be available in English and Polish at least. Also, web page is not optional - it is important part of the whole project.

Technology

I’m not yet sold to any one particular choice of technology stack. My thought for now are: Rust, QML, sqlite3. I will probably spend first few weeks evaluating options I have before I write any line of code that will stay in the repo.


Viewing all articles
Browse latest Browse all 12749

Trending Articles