Integrating Crypto Identities with Android

 Posted on December 28, 2013  |  Hans-Christoph Steiner

ver the past couple of years, Android has included a central database for managing information about people, it is known as the ContactsContract (that’s a mouthful). Android then provides the People app and reusable interface chunks to choose contacts that work with all the information in the ContactsContract database. Any time that you are adding an account in the Settings app, you are setting up this integration. You can see it with Google services, Skype, Facebook, and many more. [Read More]
Android  encryption  gnupg  gpg  identity  openpgp  otr  pgp  psst  usability 

Keys, signatures, certificates, verifications, etc. What are all these for?

 Posted on December 12, 2013  |  Hans-Christoph Steiner

For the past two years, we have been thinking about how to make it easier for anyone to achieve private communications. One particular focus has been on the “security tokens” that are required to make private communications systems work. This research area is called internally Portable Shared Security Tokens aka PSST. All of the privacy tools that we are working on require “keys” and “signatures”, to use the language of cryptography, and these are the core of what “security tokens” are. [Read More]
encryption  identity  nfc  openpgp  otr  pgp  privacy  psst  qrcode  secure introductions  security  trust  usability 

Modernizing Expectations for the Nouveau Secure Mobile Messaging Movement

 Posted on July 16, 2013  |  n8fr8

The tl;dr of this lengthy (tho entertaining and immensely important!) post is this: Stopping with “We support OTR” or “We support PGP” is not enough anymore. There are at least seven, if not more, very important security features that any app claiming to provide secure messaging must implement as soon as possible, to truly safeguard a user’s communication content, metadata and identity. Note: The names “Gibberbot” and “ChatSecure” are used interchangeabley below, as we are in the midst of an app rebrand. [Read More]
Android  encryption  mobile  otr  pgp  wechat  whatsapp 

Gibberbot v11 is not just secure, its also simple, snappy and super fun!

 Posted on March 8, 2013  |  n8fr8

Gibberbot v11 is now final as of RC3 release: https://github.com/guardianproject/Gibberbot/tree/0.0.11-RC3. From here, the only changes to v11 we will be making will be critical bug fixes. We are now focused on our v12 release, which you can track here: https://dev.guardianproject.info/versions/39 _Please promote our new Gibberbot how-to interactive tutorial available here: https://guardianproject.info/howto/chatsecurely/_ If you have been tracking our efforts here for the last few years, you will know that Gibberbot, our secure instant messaging app, started out as a big old mess of an app called “ORChat” as and then “OTRChat” and then “Gibber” (or “Jibber”? [Read More]
messaging  otr  usability  xmpp 

User scenarios to guide our crypto development

 Posted on April 14, 2012  |  Hans-Christoph Steiner

At Guardian Project, we find user-centered development to be essential to producing useful software that addresses real world needs. To drive this, we work with user stories and scenarios as part of the process of developing software. One particular development focus is the Portable Shared Security Token (PSST) project, which aims to make it easy to use encryption across both mobile and desktop computers, as well as keep the stores of cryptographic identities (i. [Read More]
anonymity  encryption  openpgp  otr  privacy  psst  usability  user scenarios  user stories 

On Verifying Identity Using Cryptography

 Posted on March 19, 2012  |  Hans-Christoph Steiner

One of the most important uses of cryptography these days is verifying the identity of the other side of a digital conversation. That conversation could be between two people using OTR-encrypted IM, a web browser showing a bank website, a Debian Developer uploading a package to the Debian build server, an ssh client logging into an ssh server, and on and on. In all of these cases, cryptography is used to ensure that the software is indeed receiving replies from the expected entity. [Read More]
crypto  https  identity  openpgp  otr  psst  signing  ssh 

How many ways to store 5 numbers?

 Posted on February 23, 2012  |  Hans-Christoph Steiner

At the core of all software that aims to be secure, private and anonymous is encryption, or as I think of it, amazing math tricks with really large numbers. These really large numbers can serve as a token of identity or the key to information locked away behind the encryption math. There are a number of different encryption methods commonly used based on different mathematical ideas, but they all rely on people managing sets of really large numbers, usually known as keys. [Read More]
dsa  encryption  keys  otr  psst