On September 8th and 9th, the first OpenPGP.conf took place in Köln, Germany. The conference was organized by the German Unix User Group (GUUG) and attracted over 50 participants from around the world. The program consisted of 18 highly technical talks. Lunch and dinner were provided at the venue, which resulted in lots of time to increase ties between projects as well as exchange and develop ideas.

Figure 1: The GnuPG team:

dkg, Justus, Neal, Kai, Werner, André, Gniibe

From the GnuPG project, Werner presented an introduction to the new web key service (WKS) protocol, which is being deployed by several mail providers including Posteo. The basic problem that WKS addresses is how to find someone's key. Currently, most people just search the key servers for keys matching the person's email address. Although this works reasonably well, the recent evil32 attack has reminded many people that the keyservers provide no guarantees that a returned key is controlled by the stated owner. In WKS, people upload their keys to their mail provider. Since only the email account's owner can change the association, this is guaranteed to not only be the right key, but the user's preferred key. Of course, users still need to trust their mail provider to deliver the correct key. But, we believe this provides a significant improvement both in terms of security and usability over the status quo. Those requiring stronger guarantees are still encouraged to either directly verify their communication partner's key or use the web of trust. The German news site Golem reported on Werner's presentation. Meskio from the LEAP project also present how LEAP is doing key discovery. Phillip Hallam-Baker discussed key management in the Mesh. And, Holger Krekel discussed how to distribute keys inline.

Justus discussed his proposal for a common OpenPGP test suite. The main problem that he observed in his recent work on the GPGME Python bindings is that GPG, GPGME, and each of the GPGME bindings have their own test suite that tests similar functionality to the other test suites. His idea is to merge the common parts by defining a simple interface, and having each component just map the API to its own API.

Niibe presented his fully free cryptographic token, GnuK (pronounced: ɡəˈnuːk), which he started developing in 2010. The GnuK is special in that it is the only cryptographic token that is based entirely on Free Software, the entire hardware specification is open, and the parts are relatively easy to buy. This is motivated not only by ethical concerns, but also security concerns: being able to assemble it yourself makes it harder for an adversary to inject a trojan during production. Niibe also avoids specialized hardware. This has less to do with making it easier to get the components, and more to do with security: getting documentation for secure chips, for instance, requires signing an NDA and, due to their specialized nature, are more likely to have a backdoor. Instead, the GnuK uses a general purpose MCU (microcontroller unit). To protect the secret key material, it uses the flash ROM protection feature. There are currently discussions underway to further increase the security of this by partially decrypting the secret key material on the host with its much more capable CPU, which would make a brute force attack significantly more expensive should the key material be extracted. The GnuK can currently be ordered either from seeed or the FSF.

Andre discussed how to use GPGME. The main takeaway is that although GPGME's API is sometimes inconveniently low-level and some features are missing, it is much easier to interact with GPG using GPGME than to build another parser to parse GPG's --status-fd output. Moreover, language bindings, such as Andre's bindings for Qt, can significantly simplify working with GPGME.

Daniel reported on GnuPG in Debian. In particular, he discussed how Debian is dealing with co-installing GnuPG 1.4 and GnuPG 2.1, migration from 1.4 to 2.1, managing background processes, and system integration. He also discussed some issues that he has observed with packages that use GnuPG. In particular, their test suits often don't test their use of GnuPG, because this requires so much effort. He indicated that one thing that would make life easier would be standard pinentry driver programs for different languages. He's since submitted those for PHP, Perl, Python and Bash, and they will be part of the next GnuPG release.

Another talk included a discussion of encrypted mailing list software and the current state of Schleuder by Ilf and Paz. Schleuder is apparently the only encrypted mailing list software that currently works (it is also actively maintained). Its design, however, requires that the mailing list server be able to decrypt the messages in order to reencrypt them to all of the subscribers. The authors would like a better solution, but, as they point out, there are ideas out there (including my own proposal for practical encrypted mailing lists), but none of them work today. This presentation was also reported on by Golem.

One of my favorite talks was Nick Skelsey's talk on GlobaLeaks. He discussed typical leaking interactions, how their leaking platform works, and the issues they face making the platform secure in the face of non-technical users.

Other talks included an overview of some work that the German BSI has contracted, an analysis of OpenPGP, a history of OpenPGP, OpenKeychain UX decisions, how to bypass pinentry, an update on the sks keyservers, an overview of PEP, and an analysis of the keyserver data.

Given the very positive reactions from the participants and our own positive impressions, we expect there to be a second edition of the conference in the near future.