Project Description

• Name: Improving PGP/GPG Encryption Support in LibreOffice

• Mentors:

  • Thorsten Behrens (IRC: thorsten), mail: thb@libreoffice.org
  • Heiko Tietze (IRC: htietze), mail: heiko.tietze@documentfoundation.org
  • Hossein Nourikhah (IRC: hossein), mail: hossein@libreoffice.org

• Goal: To enhance the experimental PGP/GPG encryption support in LibreOffice by addressing several shortcomings, such as the need to select recipients anew for every safe and the difficulty in finding the right keys. The project will also focus on developing smart searching, traversing, and filtering capabilities for large keyrings, as well as adding asynchronous querying for improved performance.

About me

I am a Computer Engineering and Mathematics student with a 4.0 GPA. I have been an Arch Linux user for about eight years. My usage and tinkering for DWM and a wide spectrum of FOSS provided me with a solid understanding of C. Besides that, I have been interested in Competitive Programming which, besides academic involvement, provided me with a strong understanding of C++, especially its newly updated features.

Also, I am the founder and current president of the Open Source Community in the American University in Cairo. Even though I have not contributed in large Open Source pull requests, my love and passion for FOSS made me try to populate such a philosophy among CS students in my university, filling in a blindspot that numerous students have. I have managed and overseen Linux and Open Source Contributions' workflow workshops. My passion for FOSS is the main drive behind trying to be a part of the community. I am currently a junior in the university and I am trying my best to extend my contribution to the open source community as much as I can. My continuous interaction with Linux systems and FOSS in general made me extremely familiar with PGP/GPG Encryption as of using it on multiple occasions holding competitions and distributing work in general.

I have also been a stable user for LibreOffice for a large margin of time. I have also worked with QT in multiple University Projects which a subset of them can be viewed in my github or my cv. Thus, I acquire a solid basis of understanding for QT.

In the past few weeks, I have started building and running Libreoffice from source to make developer environment and dependencies set up on my machine as a part of the set homework for myself. Currently, I have a vision for the process I will take throughout working in such a project.

Homework

• Build LibreOffice from source, set up dependencies and dev environment [Done]
• Familiarize myself with the current implementation of PGP/GPG encryption support in LibreOffice.
• Learn more, in a rigorous form, about specific attributed of public key cryptography and how it is used in PGP/GPG encryption. This also includes familiarizing myself with the OpenPGP standard and its implementation in GnuPG.
• Experiment with different keyring sizes to gain insight into the challenges associated with large keyrings.

Plan

1. Understand the current implementation of PGP/GPG encryption support in LibreOffice.

   • Familiarize myself with the relevant codebase.
   • Learn about the existing user interface for PGP/GPG encryption support.
   • Understand the workflow for encrypting and decrypting documents with PGP/GPG encryption.

2. Implement recipient selection for PGP/GPG encryption.

   • Develop a mechanism to remember selected recipients for future saves.
   • Improve the recipient selection UI to make it more intuitive and user-friendly.
   • Develop a feature to automatically select recipients based on previous saves.

3. Develop smart searching, traversing, and filtering capabilities for large keyrings.

   • Implement a mechanism to intelligently search for keys in large keyrings.
   • Develop a UI for navigating large keyrings.
   • Implement a filtering feature to narrow down search results.

4. Add asynchronous querying for improved performance.

   • Develop a mechanism for asynchronous querying of keyrings.
   • Optimize keyring queries for improved performance.
   • Test the new asynchronous querying feature with large keyrings.

5. Finalize the project.

   • Ensure that all features are fully tested and functional.
   • Provide documentation for all new features.
   • Conduct a code review and make any necessary improvements. Submit the final project.

Timeline

Official Timeline

• May 4 - May 28: Community Bonding Period | GSoC contributors get to know mentors, read documentation, get up to speed to begin working on their projects;
• May 29 - July 13: Coding officially begins;
• July 14 - August 21: Work Period | GSoC contributors work on their project with guidance from Mentors;
• August 21 - August 28: Final week.

Details

• Before May 4

  • Work on finishing all parts of the homework, to facilitate working on the next steps.
  • Communicate with the LibreOffice community in case of queries regarding the full setup.

• May 4 - May 28

  • Communicate with the mentor to discuss the project in detail.
  • Finalize step (1) and start on step (2) of the plan, preparing a clear extensively detailed plan for all of the remaining sections of the project.

• May 29 - July 13

  • Finalize step (2) and start in steps (3) and (4) of the plan synchronously. Coming out with a clear base for the work to be done and having implemented the first set of features as per the project proposal.
  • Prepare for Phase 1 evaluation.

• July 14 - August 21

  • Finalize working on step (3) and (4) of the plan, working in feedback provided through the previous phase.
  • Leaving a space of a buffer week for possible unpredictable problems that may arise.
  • Start working on developers' documentation

• August 21 - August 28: Final week.

  • Code style and general quality review.

Technical Details

After investigation of the main codebase and xmlsecurity docs to check current implementations, specific parts will need to be investigated in order to work on the specified issues. The work will include rewiring specific parts if needed and adding the new optimizations/ implementations, a basic initial points to work on are:

1. Selecting recipients anew for every save: One possible solution is to add the option to save recipient lists for future use. This would allow users to save time by not having to select recipients anew every time they save a document. One possible way to implement this feature would be to add a new dialog box where users can manage their recipient lists. The dialog box could include options to create, edit, and delete recipient lists, as well as an option to select a recipient list when saving a document. Possible files/classes that might need to be modified or added include:

   • Incremental editing for certificatechooser dialogue to add a button for managing recipient lists and to call the recipient list dialog box.
   • A new "recipientlistdialog.cxx" will be created for the recipient list dialog box. This file would need to be created and integrated into the codebase.

2. Finding the right keys: One possible solution is to improve the key selection interface by adding better filtering, searching, and sorting options. For example, users could search for keys by name, email address, or key ID. Another possible solution is to improve the key import process by automatically adding the public keys of email recipients to the keyring. Possible files/classes that might need to be modified or added include:

   • certificatechooser will need to be modified to add new filtering and searching options to the key selection dialog box.
   • The docfac.cxx file, which contains the code for importing and exporting documents. This file might need to be modified to automatically add the public keys of email recipients to the keyring.

3. Keyrings can get potentially infinitely large: One possible solution is to add the ability to manage keyrings more efficiently by adding better filtering, searching, and sorting options. For example, users could filter keys by type, expiration date, or trust level. Another possible solution is to automatically remove keys that are no longer needed or have expired since by a quick trial, I founded out that around 43% of the OpenPGP keys in the dialog in my setup are either not trusted or damaged. However, a survey may need to be made across a subset of the community to assure the magnitude of this part. A more solid solution would be adding the option to view invalid keys while having them hidden by default.

4. Smart searching / traversing / filtering is needed: One possible solution is to improve the search function by adding better filtering and sorting options. For example, users could search for keys by name, email address, or key ID. Another possible solution is to add the ability to group keys by type, expiration date, or trust level. This part will an extension and improvement of part (2) with the addition of more options.

5. Asynchronous querying: One possible solution is to add the option to retrieve keys in the background while the user continues working on their document. This would improve the user experience by reducing the time it takes to retrieve keys and preventing LibreOffice from becoming unresponsive. One possible way to implement asynchronous querying would be to add a new thread that retrieves keys in the background while the user continues working on their document. However, it was mentioned in CertificateChooser::run() that checking for certificates can't occur before raising the dialog because of a NoPassword exception raised by mozilla's implementation. Thus, this part will need to be handled and may include as well editing in SignatureDialog to work out a solution that handles it in a background thread without needing to call the certificate chooser dialog. Also, a possible solution is to work on optimizing PostUserLink or rework the key retrieval process which will take part in editing SecurityEnvironment with possible edits for the workflow of the signature environment in XMLSignatureHelper and UriBindingHelper.

Why me

I believe I would be a good fit for this project because of my extensive knowledge in C and C++. Besides that, being a natural user of LibreOffice, GnuGPG, in my daily drive constructed a solid understanding for the intended final product. I believe that my technical skillset is a perfect match for the project's needs. My passion for FOSS has started with me as a normal user with no experience in development, this extended when I decided to major in Computer Engineering where I got an actual programming experience. I believe that this passion that pushed me to start Open Source Community in my university to teach people about FOSS philosophy is the same one that pushes me to be a contributing member of the community. LibreOffice was one of the first FOSS that I have ever used when I was a young boy, having an opportunity to translate both my passion and development experience into such a project is a thing I have always dreamt of. Contributing to such a project is not bounded to GSoC, but it is only a small step that I wish it pushes me into more contributions in the future in different FOSS. If anyone asks my professors or colleagues to describe me, the answer would usually be the Open Source enthusiast or the Linux nerd. I hope this project becomes the step that allows me to live up to these titles. I believe my enthusiasm to the open source community is non-ending and will extend, in the future, to a wider spectrum.