Geysigning - an easy way to sign keys over the local network

Short description

At this moment signing OpenPGP keys is a tedious process. It requires the signing party to download the key, verify its integrity, verify the information on the key being correct and finally redistribute the signed public key. Each of these steps are considered to be crucial and protocols for so called Keysigning Parties have been developed to help this process.

The aim of this project is to provide GNOME with a simplistic set of tools that will integrate seamlessly into the desktop and which will ease up the process of signing Open PGP keys

About me

I am second year student in The Computer Science Faculty, at University "POLITEHNICA" of Bucharest, Romania. I have contributed in the past to open source projects, and also participated on tech talks and courses held by an organisation from my university. I like to build things and I like to develop quality software.

Contact me at :

  • IRC (GimpNet / Freenode) : andreimac

  • Email : andrei.macavei89 AT SPAMFREE gmail DOT com

I will also post my working progress on this blog.


Now - May, 19

Continuous documenting for Geysign and also research how to integrate parts of Monekeysign project. Fix some issues issues with Monekeysign -e.g: camera freezes after scanning a barcode

19 - 23 May

Discuss the architecture and design of the keysigning interface.

May, 26 - June, 8

Create the application's GUI which is composed of two main parts: I.The Keys View and II.The Import Keys View

9 - 22 June

Implement ZBar barcode reader. This should be a straightforward implementation because Monkeysign already has this implemented. Add support for GnuPG to replace the flawed gpgme API.

June, 23 - July, 6

Implement the UI widget that will allow user to export a key to a file on disk. Create tests for the above integrated modules as well as for major functions of the GUI.

7 - 20 July

Implement the Avahi API in order to make Geysign discoverable on a local network. Create the communication protocol that uses a MAC (message authentication code) to authenticate data.

July, 21 - August, 3

Now that we can encrypt and authenticate data, implement the GUI widgets used to send a confirmation email back to the signed key's owner. Start working on opening an authenticate channel in order to make the first key exchange securable.

4 - 17 August

Write remaining tests , refactor code . Write enhanced documentation. If desired ( as a “suitable” option ) implement a way for user to revoke a signature.

18 August

Submit final evaluation. Further development will be done here after GSoC ended :)

Project status When I started this project I had only some GUI mockups that I have made in order to get accepted to GSoC. Now Geysign has a lot of features implemented , some of them were in the initial schedule but some were not. There are still a few things that aren't yet done.

Geysign now does:

  • Display your personal keys from which you can choose one at a time to get it signed by others
  • Generates a QR code for the key selected; the barcode encodes the fingerprint and can be scanned by another Geysign app that will decode it. The fingerprint can also be typed if device doesn't have a video camera. After this the process of downloading and authenticating the key can be started
  • By using avahi, the app can publishes itself on network and also discovers other Geysign services in order to transfer the key. This is done to spare the user from getting the ip address and port manually. You just "plug and play" into the network and Geysign will do its job.
  • It will start a local HTTP server that will be used to send the key from one Geysign app to an other one.
  • Authenticates the key data received by comparing the scanned fingerprint with the one from the received key (which was previously imported into a temporary keyring)
  • If the two fingerprints match, user can proceed with signing the key and exporting it.
  • It will email the key back to the owner by using xdg-email that will itself use the user's preferred e-mail composer.

The last point (sending an email) and also the remaining work that still needs to be done I will do it outside GSoC program. In the future Geysign could be available as a part of Seahorse. It was a nice experience for me to work for this project and I will definitely continue contributing to GNOME.

Links to git repository:

Outreach/SummerOfCode/2014/Projects/AndreiMacavei_Geysigning (last edited 2015-06-09 08:50:29 by AndreiMacavei)