Skip to content

Commit

Permalink
add Chromium usage instructions [skip ci] (#245)
Browse files Browse the repository at this point in the history
* add Chromium usage instructions [skip ci]
  • Loading branch information
baentsch authored Nov 3, 2023
1 parent a6f60e5 commit 91503b4
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 2 deletions.
20 changes: 20 additions & 0 deletions chromium/USAGE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# OQS-chromium

This file contains usage information for a build of Chromium configured to also support quantum-safe crypto (QSC) operations.

All information to build this from source is contained in the [main subproject README](https://github.com/open-quantum-safe/oqs-demos/tree/main/chromium).

For the unwary user we *strongly* recommend to use a ready-build binary (for x64 Linux) available in the most current [release of oqs-demos](https://github.com/open-quantum-safe/oqs-demos/releases).

## Quick start

1) Execute `./chrome` (or `chrome.exe` in case of a Windows build) in the directory to which oqs-chromium has been built or extracted to.
2) Navigate to [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and [download the current test server certificate](https://test.openquantumsafe.org/CA.crt).
3) Install the certificate in the Chromium certificate store by clicking on "..." in the upper right hand corner , then/-> "Preferences" -> "..." in upper left corner -> "Privacy and Security" -> "Security" -> "Certificate Management" -> "Certification Authorities" -> Import: Load the file "CA.crt" downloaded in step 2.
4) Return to the test server at [https://test.openquantumsafe.org](https://test.openquantumsafe.org) and click any of the supported ports representing all available quantum safe KEM and signature algorithms. A success message is returned if everything works as intended.

Please note that not all algorithm combinations are expected to work. Most notably, none of the X25519 or X448 KEM hybrids are supported by the [underlying integration of OQS-BoringSSL](https://github.com/open-quantum-safe/boringssl).

Please create a [discussion item](https://github.com/open-quantum-safe/boringssl/discussions/landing) if you feel some algorithm combination that does not work should do.


2 changes: 1 addition & 1 deletion nginx/fulltest-provider/index-template
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ tr:nth-child(even) {
<ol>
<li>This test server by no means should be taken as containing production-ready software. See <a href="https://github.com/open-quantum-safe/openssl#limitations-and-security">disclaimer</a>. Its purpose is simply to provide a best-effort facility to allow anyone to "test-drive" QSC software packages including testing protocol level interoperability.</li>

<li>When using the <a href="https://github.com/open-quantum-safe/oqs-demos/tree/main/chromium">OQS-enabled Chromium build</a> to access this web site, be aware of the limitations concerning supported algorithms as documented <a href="https://github.com/open-quantum-safe/boringssl/wiki/Implementation-Notes">here</a>. <!--Therefore, only the following hybrid KEM algorithms will work: P256_BIKEL1, P256_FRODO640AES, P256_KYBER90S512, P256_NTRU_HPS2048509, P256_LIGHTSABER. Using the browser's search function ("CTRL-F") for these algorithm names on this page provides quick access to the ports running these algorithms. Also note that OQS-Chromium does not support any hybrid signature algorithms. Alternatively, use the <a href="chromium-base.html">OQS-Chromium algorithm list page</a> to access these algorithms.</li>-->
<li>When using the <a href="https://github.com/open-quantum-safe/oqs-demos/tree/main/chromium">OQS-enabled Chromium build</a> to access this web site, please heed its <a href="https://github.com/open-quantum-safe/oqs-demos/blob/main/chromium/USAGE.md">usage instructions</a>.
<li>When using the <a href="https://github.com/open-quantum-safe/oqs-demos/tree/main/epiphany">OQS-enabled GNOME Web/epiphany browser</a> to access this web site, all ports can be accessed, provided the browser is suitably started enabling the algorithms of interest. Please <a href="https://hub.docker.com/repository/docker/openquantumsafe/epiphany">read the documentation</a> how to do this.
</ol>

Expand Down
2 changes: 1 addition & 1 deletion nginx/fulltest/index-template
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ tr:nth-child(even) {
<ol>
<li>This test server by no means should be taken as containing production-ready software. See <a href="https://github.com/open-quantum-safe/openssl#limitations-and-security">disclaimer</a>. Its purpose is simply to provide a best-effort facility to allow anyone to "test-drive" QSC software packages including testing protocol level interoperability.</li>

<li>When using the <a href="https://github.com/open-quantum-safe/oqs-demos/tree/main/chromium">OQS-enabled Chromium build</a> to access this web site, be aware of the limitations concerning supported algorithms as documented <a href="https://github.com/open-quantum-safe/boringssl/wiki/Implementation-Notes">here</a>. Therefore, only the following hybrid KEM algorithms will work: P256_BIKEL1, P256_FRODO640AES, P256_KYBER90S512, P256_NTRU_HPS2048509, P256_LIGHTSABER. Using the browser's search function ("CTRL-F") for these algorithm names on this page provides quick access to the ports running these algorithms. Also note that OQS-Chromium does not support any hybrid signature algorithms. Alternatively, use the <a href="chromium-base.html">OQS-Chromium algorithm list page</a> to access these algorithms.</li>
<li>When using the <a href="https://github.com/open-quantum-safe/oqs-demos/tree/main/chromium">OQS-enabled Chromium build</a> to access this web site, please heed its <a href="https://github.com/open-quantum-safe/oqs-demos/blob/main/chromium/USAGE.md">usage instructions</a>.
<li>When using the <a href="https://github.com/open-quantum-safe/oqs-demos/tree/main/epiphany">OQS-enabled GNOME Web/epiphany browser</a> to access this web site, all ports can be accessed, provided the browser is suitably started enabling the algorithms of interest. Please <a href="https://hub.docker.com/repository/docker/openquantumsafe/epiphany">read the documentation</a> how to do this.
</ol>

Expand Down

0 comments on commit 91503b4

Please sign in to comment.