GSoC/GCI Archive
Google Summer of Code 2013

Crypto Stick

Web Page: https://www.assembla.com/spaces/cryptostick/wiki/Ideas

Mailing List: http://lists.crypto-stick.org/mailman/listinfo/dev

The Crypto Stick projects develops Open Source software for next generation security USB keys with an integrated smart card for authentication in the Internet, to enable highly secure encryption of e-mails and data, and for access control. The project was founded 2006. Core developers come from Germany, Poland, Singapore and Vietnam.

 

Secret keys are always stored securely inside the Crypto Stick. Their extraction is impossible which makes the Crypto Stick immune to computer viruses and Trojan horses. The user-chosen PIN and the tamper-proof design protect in case of loss and theft. The complete software stack is Open Source to allow verifying the security and integration with own applications. Different PCB/boards on the market can be used for development.


Many exciting features are already implemented such as support of SSH, GnuPG, Mozilla Thunderbird, OpenSC. Currently the Crypto Stick community works on the implementation of Google's two-factor authentication OATH and other services such a Facebook and Twitter. Other ideas on the roadmap are integration with popular webmailers such as Gmail.

Projects

  • OpenPGPjs integration Extend the OpenPGPjs framework so that it may communicate with and use the CryptoStick's facilities for the actual cryptographical operations, as well as key/certificate management.
  • True Crypt improvement True Crypt already has the capability to use smart cards (via PKCS#11) to unlock encrypted volumes. However, this feature is suboptimal (from a security standpoint) and need to be improved