This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Off the record 4 Java Project
|
IntroductionPrivacy is daily reality for many internet users. Eavesdropping user's content and using it for various reason is not desired by many of the application users. Putting trust on communication channel, service provider or government not to intercept your content is not a good idea OTR framework solves this problem by cryptographically processing the users content in transit and at rest. no eavesdropper can read the content, not even the service provider
What is OTR ?OTR4J stands for off-the-record for Java. end-to-end encryption (off-the-record) is a system of communication where only communicating users can read the messages, neither eavesdropper nor communication facilitator channels can read messages. OTR4J provides simple framework and prototype that helps developers to easily implement end-to-end encryption into Java application. Example applications are messaging, file transfer, secure information transfer application Why use otr4j ?It provides high degree of privacy and security. Some users have thinking that they have got nothing to hide and they are ok with sharing content. This is too local and narrow perspective to privacy concerns. How does it work ?OTR4J uses hybrid cryptography system. It uses RSA and ECDH for key exchanges and AES encryption. Technical details of protocol is explained here Example APIBob sends message to Alice OTRClient bobClient = OTRClient.get(config);
bobClint.login("bob", "password");
bobClient.sendMessage("Hello Alice", ALICE_USER_ID);
Alice reads messages OTRClient aliceClient = OTRClient.get(config);
aliceClient.login("alice", "password");
aliceClient.readMessages();
Broader GoalMain Goal: Provide ability to strengthen privacy by providing stronger end-to-end encryption in transit and stronger encryption at rest to application developers by simpler API in most of the popular languages Quarter Goal January - March 2017This section will keep on updating - Better API: Simplify APIs and document them for Java - Privacy at Rest: APIs for privacy at rest - Awareness: Get 3 clients using this framework in real life [please let us know by email if you already use it. to keep track of the goal's progress] LicensingCopyright 2016 Jigar Joshi Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. |
Project LeaderProject Leader - Jigar Joshi Related ProjectsClassifications
|
News and Events
API APIs for basic functionality is available Basic client with in-memory storage is provided for reference
Privacy in transit is available Message authentication and out of the band verification User authentication for REST MySQL based message store for server Configurable toggles are available for various knobs of encryption | ||||||
