Application of Edouard Carre
Name : Edouard Carre
Contact/Email : mail : carre.edouard@gmail.com, irc : ecarre(freenode), Smoi(Debian)
Background :
I am student at the University of Technology (IUT) in Belfort (France), where I learn a lot of languages such as Python, Java, and some other. I improve other languages which I work before like C/C++, HTML, PHP, ?JavaScript, MySQL... I learn this languages with personal training when I was in High School, and with one project for school with an other student. I like to discover new knowledge on internet or with talking with friends.
- I work on my two server at home that are Debian server. One of them is a router for my personal network. It is my DHCP, my DNS and my firewall. It manage my different VLAN with my switch. The second server is for everything else. I've install a webserver (with HTTPS), a VPN (OpenVPN), a Subsonic server (music sharing), and some useful tools.
- I work with OpenSSL for HTTPS connection or for my VPN. I create my own Certificate Authority for me and some friends who wants.
Project title : Improving PKI on Debian
Synopsis : Increase the security of PKI by using a keyring service.
Project details :
- RSA key security is based on the secret of the private key. This key must be hide and protected. But software should use it and they can be a vulnerability too. Process can read private key and store them to use each time it need. But if the process crash, it may leave a core dump file with the key.
- A solution is to store private key into independent process. This process can read key and use it for the other software which need it. It can verify if the software had the authorization to use one key. The sysadmin can create an access control list to restrict software and which key they can use.
- This software can also check the end date of certificate and warn sysadmin/execute some script.
Benefits to Debian :
- A better management of the access to private key.
- A warning for certificate expire.
- An improvement of private key security.
Deliverable :
- A software/daemon which read private key and give restrict use to other software.
- An API/Documentation to use it
Project schedule :
Before summer : Preparation
- - Establishment of the project with mentors. Which technology are better for this project...
- - Learn more about OpenSSL, UNIX socket, Debian package and other important point I can found with mentors.
- - Looking for some open source code that can help for the project. How use private key, certificate...
- - Installing tools and a testing environment (VM)
End June / Mid-July : Starting development
- - Try to communicate with other software.
- - Read certificate and locate end date.
Mid-July / End-July : Control access
- - Be able to warn root when a certificate expire (or is near to expire)
- - Have a control access list, and be able to modify it easily.
Mid-term evaluations
End-July / Mid-August : Use private keys
- - Be able to receive some data and use the right private key on it.
Mid-August / End-August : Write API and test
- - Write an API to use this process.
- - Testing the code
September : Finishing
- - Improve code, write documentation, last test.
Exams and other commitments : It's possible I'm a little busy in June
Other summer plans : I search for a summer job but I don't take one if I'm accepted in SoC.
Why Debian? :
- I use Debian as main OS. I use it to work of course but for internet surfing too and other common things. Only big game require a powerful hardware are on my desktop computer with windows.
- Before, when I start to use Linux, I was on Ubuntu but I think it is a little bit heavy. It is for new user on Linux with some common package but not very useful for me. I use Debian with only software I use (useful or not (sl is on my each Debian install, but it is not very useful)). I have a lighter OS.
- I use Debian for my server too, I found every server package I need for Debian and it's easy to install.
- I have a great confidence in Debian, it's a old project, there is a lot of software compatible and with a big community. I think for intermediate user like me it is a very good choice.
Are you applying for other projects in SoC? : No, I'm only applying for this project.