**********************************************************************

Name: Manuel Freire

Email: droggo@gmail.com

Project Title: bpg (BSD Privacy Guard)

**********************************************************************

Synopsis
========

The "BSD Privacy Guard" is my proposal for developing a PGP-like tool
for NetBSD. It would provide confidentiality, authentication and
integrity in an hybrid (both symmetric and assymmetric) key system.

"BSD Privacy Guard" aims to follow the OpenPGP standard (RFC
2440). This is so because it's crucial that it will be compatible with
PGP and GnuPGP, for obvious usability reasons.

This project would be licensed under a BSD license, in order to be
able to be included in the NetBSD OS. In the same way that almost all
Unixes nowadays include an SSH client and server, I would like to see
people having a privacy guard installed by default in their OS's and
getting used to utilize it, both with email communications and with
regular files in the system.

The license problem would be deep enough to justify writing a new
application. But this is also a pretty good chance to fix some of the
problems that PGP and GnuPG have:

* They are monolithic. You have one big application for two problems
  of different nature: key management and message privatization.

* They are interactive (i.e. not typical Unix filters). This is ugly
  when you are a Unix freak and want to type `elegant' things like:

    bpg --sign < message > signed_message

* Their design doesn't allow creating new user interfaces. I would
  like that the "BSD Privacy Guard" design allow different user
  interfaces (command-line, ncurses interface, X-Window GUI...). This
  can be done by storing the application kernel functions in a library
  ("libbpg").


Project Description
===================

As I expressed in the synopsis, I would bet for a modularized design,
being each module built from:

* a library with the functionality and,
* a user interface (if the module constitutes an application by
  itself).

For instance, the module "bpgkey" would have a library ("libbpgkey")
with all the functions (create_pair, read_key...) and a user interface
that uses the library, allowing the user to interact with it.

Modules
-------

* bpg: is the main module. It manages all the operations with files
  (encryption, decription, signing...). It's the kernel of the
  application.

* bpgkey: the key management module. It's an independent program, and
  my idea is that it stores keys in the keyrings in the ".keyrings"
  directory in each user's home directory. The independency of this
  module would permit some pretty fancy features, like allowing to be
  run as a daemon in the future and automatically become a key server.

* bpgalgo: this module stores the algorithms. It hasn't a user
  interface, since it is only a library that contains all the
  algorithms that the privacy guard will use. Algorithm's code will be
  obtained from OpenSSL or other BSD-licensed code suggested by NetBSD
  mentors.

* more modules: there can be more modules to get a thinner granularity
  if suggested by NetBSD mentors.

Security
--------

Since the "BSD Privacy Guard" will be a cryptographic application it
is crucial to design and code with security in mind.

For this, as much code as possible will be reused from other projects
if it showed robustness and security. Also, the design of the
application and the code I write will be continuously peer-reviewed
with users and security experts (I know some, NetBSD surely has many
and I also have experience in this area).

Standarization
--------------

The functionality of the program will be extracted from the OpenPGP
standard, as I mentioned in the synopsis. My goal is to make it 90%
OpenPGP compatible for the end of the summer, and then keep on working
to make it 100% compatible and quite stable in a couple of months.


Project Schedule
================

Project start (June 25th): Contacting my mentors and creating the
project infrastructure: CVS, web site...

Analysis (June 25th - 28th): Reading the OpenPGP standard and making a
list of the features that will be included in the first version (the
Summer-of-Code version).

Design (June 29th - July 5th): Here I will discuss the design with my
mentors and start writing the skeleton of the modules and tests.

Codification (July 5th - August 15th): Coding, coding and more
coding. Intense peer-reviews.

Preliminary release (August 15th - 29th): The CVS snapshot will become
the preliminary version. Receiving users feedback for bugs. No more
features added. All tests must pass since the preliminary version is
released.

Stable release (August 30th): The CVS snapshot in August, 30th will be
the first stable version.

**********************************************************************

Bio
===

My name is Manuel Freire. I was born in October 5th, 1983 in Marin
(Pontevedra), in the northwest of Spain. I'm nowadays studying and
living in Madrid.

I love computers since I was a child (actually, I learned the alphabet
when I was 3 with my brother's Amstrad CPC128. Four years ago I began
studying Computering Engineering at Antonio de Nebrija University here
in Madrid.

My favourite areas in computing are programming, security,
cryptography, OS's (Unix) and videogames.

I wrote a PGP-like open-source application some months ago named
"myPGP" (http://mypgp.sourceforge.net). Despite its not finished and
the code was written ad-hoc, I learned many things about PGP and Unix
programming. I'm sure this experience will be very useful in order to
write the "BSD Privacy Guard".

I am currently working in a biometrics research lab at the Universidad
Autonoma de Madrid.
