Website build build-and-publish-website/master-4075
diff --git a/contributing/index.html b/contributing/index.html
index f08b0b2..d52fd3f 100644
--- a/contributing/index.html
+++ b/contributing/index.html
@@ -10,14 +10,11 @@
<title>Contributors Guide | CogniCrypt</title>
<meta property="og:title" content="Contributors Guide | CogniCrypt" />
<meta name="twitter:title" content="Contributors Guide | CogniCrypt" />
-<meta name="description" content="There are several opportunities for non-project-members to contribute to CogniCrypt: * CogniCrypt users may contribute Bug Reports and Feature Requests.
-* Regular developers who take interest in CogniCrypt may provide bug fixes and other kind of code contributions. * Lastly, cryptography experts may share their own cryptographic components so that they can be used by CogniCrypt users.
+<meta name="description" content="There are several opportunities for non-project-members to contribute to CogniCrypt. CognICrypt users may contribute bug reports and feature requests. Regular developers who take interest in CogniCrypt may provide bug fixes and other kind of code contributions. Lastly, cryptography experts may share their own cryptographic components so that they can be used by its users.
Bug Reports and Feature Requests In case you find a bug or have an idea for a feature, please check out CogniCrypt’s issue tracker.">
-<meta property="og:description" content="There are several opportunities for non-project-members to contribute to CogniCrypt: * CogniCrypt users may contribute Bug Reports and Feature Requests.
-* Regular developers who take interest in CogniCrypt may provide bug fixes and other kind of code contributions. * Lastly, cryptography experts may share their own cryptographic components so that they can be used by CogniCrypt users.
+<meta property="og:description" content="There are several opportunities for non-project-members to contribute to CogniCrypt. CognICrypt users may contribute bug reports and feature requests. Regular developers who take interest in CogniCrypt may provide bug fixes and other kind of code contributions. Lastly, cryptography experts may share their own cryptographic components so that they can be used by its users.
Bug Reports and Feature Requests In case you find a bug or have an idea for a feature, please check out CogniCrypt’s issue tracker.">
-<meta name="twitter:description" content="There are several opportunities for non-project-members to contribute to CogniCrypt: * CogniCrypt users may contribute Bug Reports and Feature Requests.
-* Regular developers who take interest in …">
+<meta name="twitter:description" content="There are several opportunities for non-project-members to contribute to CogniCrypt. CognICrypt users may contribute bug reports and feature requests. Regular developers who take interest in …">
<meta name="author" content="Eclipse Foundation"/>
<link href='https://www.eclipse.org/cognicrypt/favicon.ico' rel='icon' type='image/x-icon'/>
<meta name="twitter:card" content="summary" />
@@ -236,53 +233,44 @@
<div class="col-md-10">
-<p>There are several opportunities for non-project-members to contribute to CogniCrypt:
-* CogniCrypt users may contribute <strong>Bug Reports</strong> and <strong>Feature Requests</strong>.<br />
-* Regular developers who take interest in CogniCrypt may provide <strong>bug fixes</strong> and other kind of <strong>code contributions</strong>.
-* Lastly, cryptography experts may share their own <strong>cryptographic components</strong> so that they can be used by CogniCrypt users.</p>
+<p>There are several opportunities for non-project-members to contribute to CogniCrypt. CognICrypt users may contribute bug reports and feature requests. Regular developers who take interest in CogniCrypt may provide bug fixes and other kind of code contributions. Lastly, cryptography experts may share their own cryptographic components so that they can be used by its users.</p>
<h1 id="bug-reports-and-feature-requests-a-name-bugs-a">Bug Reports and Feature Requests <a name="bugs"></a></h1>
-<p>In case you find a bug or have an idea for a feature, please check out <a href="https://github.com/CROSSINGTUD/CogniCrypt/issues">CogniCrypt’s issue tracker</a>. If your problem or request is not yet being addressed there, please file a <a href="https://github.com/CROSSINGTUD/CogniCrypt/issues/new/choose">new issue</a>.</p>
+<p>In case you find a bug or have an idea for a feature, please check out <a href="https://github.com/CROSSINGTUD/CogniCrypt/issues">CogniCrypt’s issue tracker</a>. If your AAproblem or request is not yet being addressed there, please file a <a href="https://github.com/CROSSINGTUD/CogniCrypt/issues/new/choose">new issue</a>.</p>
<h1 id="code-contributions-a-name-code-a">Code Contributions <a name="code"></a></h1>
-<p>Any contributions - no matter whether they are bug fixes or new features - are very welcome. That being said, since CogniCrypt is an official Eclipse project, only official committers may contribute directly to the repository without any review. Commits from non-committers are possible, but must be reviewed by someone with committer status and come in a certain form, described by the <a href="https://www.eclipse.org/projects/handbook/#resources-commit">Eclipse manual</a>. In short, apart from the usual <em>author</em> tag, each commit needs to come with a <em>signed-off-by</em> tag at the bottom of the commit message. Pull requests that contain commits from non-committers not following this structure may not be accepted. Note: Regular long-time contributors who wish to continue contributing may apply to project-committer status.</p>
+<p>Any contributions - no matter whether they are bug fixes or new features - are very welcome. That said, since CogniCrypt is an official Eclipse project, only official committers may contribute directly to the repository without any review. Commits from non-committers are possible, but must be reviewed by someone with committer status and come in a certain form, described by the <a href="https://www.eclipse.org/projects/handbook/#resources-commit">Eclipse manual</a>. In short, apart from the usual <em>author</em> tag, each commit needs to come with a <em>signed-off-by</em> tag at the bottom of the commit message. Pull requests that contain commits from non-committers not following this structure may not be accepted. Note: Regular long-time contributors who wish to continue contributing and may apply to project-committer status.</p>
<h1 id="cryptographic-components">Cryptographic Components</h1>
-<p>In general, crypto experts can contribute in two ways:
-* First, they can contribute support for new cryptographic primitives (e.g., encryption schemes, key agreement algorithms, digital signature algorithms).
-* Second, they can integrate new cryptographic use cases for CogniCrypt to offer to the users for code generation.</p>
+<p>In general, crypto experts can contribute in two ways. First, they can contribute support for new cryptographic primitives (e.g., encryption schemes, key agreement algorithms, digital signature algorithms). Second, they can integrate new cryptographic use cases for CogniCrypt to offer to to users for code generation. In the context of CogniCrypt, these use cases are called tasks. Examples for cryptographic tasks that CogniCrypt already supports include file encryption, communication over secure channel, and user authentication mechanisms. Depending on how a task is integrated, it can use primitives that have been integrated before, but primitives are not directly exposed to the end user. For easier distinction, this guide separates contributing crypto experts into primitives developers and task developers. CogniCrypt users are being refered to as developers.</p>
-<p>In the context of CogniCrypt, these use cases are called <strong>tasks</strong>. Examples for cryptographic tasks that CogniCrypt already supports include: <strong>file encryption</strong>, <strong>communication over secure channel</strong>, and <strong>user authentication mechanisms</strong>. Depending on how a task is integrated, it can use primitives that have been integrated before. However primitives are not directly exposed to the end user. For easier distinction, this guide separates:
-* Contributing crypto experts into: <strong>primitives developers</strong> and <strong>task developers</strong>.
-* CogniCrypt users are being refered to as <strong>developers</strong>.</p>
-
-<p>In order to integrate a new primitive/task, two components need to be provided:</p>
+<p>In order to integrate a new primitive/task, two components need to be provided.</p>
<ul>
<li>Implementation</li>
<li>Usage rules</li>
</ul>
-<p>The implementation should encompass the full functionality of the primitive/task. To both <a href="../documentation/code-analysis">prevent developers from misusing a primitive/task</a> and <a href="../documentation/code-generation">facilitate the code generation for tasks</a>, usage rules describe how a task and/or a primitive is supposed to be used.</p>
+<p>The implementation should encompass the full functionality of the primitive/task. To both <a href="../documentation/code-analysis">prevent developers from misusing a primitive/task</a> and <a href="../documentation/code-generation">facilitate the code generation for tasks</a>, usage rules describe how a task and or primitive is supposed to be used.</p>
<h2 id="integrating-primitives-a-name-prim-a">Integrating Primitives <a name="prim"></a></h2>
-<h3 id="implementation">Implementation:</h3>
+<h3 id="implementation">Implementation</h3>
-<p>Primitives need to be implemented as <a href="https://docs.oracle.com/javase/9/security/howtoimplaprovider.htm#JSSEC-GUID-C485394F-08C9-4D35-A245-1B82CDDBC031">Cryptographic Service Providers (CSP)</a> in Java. The JDK does not simply provide a set of implementations of cryptographic primitives to its users. Instead, a set of standardized and algorithm-specific interfaces is provided by the <a href="https://docs.oracle.com/javase/9/security/java-cryptography-architecture-jca-reference-guide.htm#JSSEC-GUID-2BCFDD85-D533-4E6C-8CE9-29990DEB0190">Java Cryptography Architecture(JCA)</a>. These interfaces must then be implemented by CSPs in order to provide cryptographic primitives to an application developer. With this design, the architecture around cryptography is made both independent of algorithms and implementations, as well as easily extensible. It enables primitives developers to implement their own algorithms as CSPs and plug them into the JCA. One CSP may include multiple primitives of multiple algorithm types.</p>
+<p>Primitives need to be implemented as <a href="https://docs.oracle.com/javase/9/security/howtoimplaprovider.htm#JSSEC-GUID-C485394F-08C9-4D35-A245-1B82CDDBC031">Cryptographic Service Providers (CSP)</a> in Java. The JDK does not simply provide a set of implementations of cryptographic primitives to its users. Instead, a set of standardized and algorithm-specific interfaces is provided by the <a href="https://docs.oracle.com/javase/9/security/java-cryptography-architecture-jca-reference-guide.htm#JSSEC-GUID-2BCFDD85-D533-4E6C-8CE9-29990DEB0190">Java Cryptography Architecture(JCA)</a>. These interfaces must then be implemented by CSPs in order to provide cryptographic primitives to an application developer. With this design, the architecture around cryptography is made both independent of algorithms and implementations as well as easily extensible. It enables primitives developers to implement their own algorithms as CSPs and plug them into the JCA. One CSP may include multiple primitives of multiple algorithm types.</p>
<p>The JCA comes with a <a href="https://docs.oracle.com/javase/9/security/oracleproviders.htm#JSSEC-GUID-FE2D2E28-C991-4EF9-9DBE-2A4982726313">number of default providers</a> that implement the most common cryptographic algorithms in several configurations. <a href="https://www.bouncycastle.org/java.html">BouncyCastle</a>, another cryptographic library for Java, can also be used <a href="https://www.bouncycastle.org/wiki/display/JA1/Provider+Installation">as a CSP</a>. It implements a wide range of cryptographic algorithms and configurations, including the ones implemented by the default CSPs.</p>
-<p>During runtime, the Java Virtual Machine (JVM) maintains an ordered list of all plugged-in CSPs. As illustrated in the figure below, when an algorithm in a certain configuration is requested by some application code, the JVM iterates through the list and asks each provider if it supports the requested algorithm and configuration. In case several CSPs support the same configuration, the implementation of the first CSP in the list to support the configuration is selected.</p>
+<p>During runtime, the Java Virtual Machine (JVM) maintains an ordered list of all plugged in CSPs. As illustrated in the figure below, when an algorithm in a certain configuration is requested by some application code, the JVM iterates through the list and asks each provider if it supports the requested algorithm and configuration. In case several CSPs support the same configuration, the implementation of the first CSP in the list to support the configuration is selected.</p>
<p><img src="https://docs.oracle.com/javase/9/security/img/architecture-service-provider-interface.gif" alt="JCA plug and play" /></p>
-<h3 id="usage-rules">Usage Rules:</h3>
+<h3 id="usage-rules">Usage Rules</h3>
-<p>Furthermore, developers of primitives should provide usage rules for their CSP. Any component may be misused and each and every such misuse within a security context leads to a potential security vulnerability. To illustrate the necessity for such rules, consider the following two examples. The code snippet in the Listing below is a simple example of a symmetric encryption using the JCA. The call in <em>Line 2</em> instantiates an object of class <code>Cipher</code>, which is using the symmetric block cipher <strong>AES</strong>. Although not obvious at first glance, method <code>getInstance()</code> does in fact not expect a single algorithm, but instead a<code>transformation</code> consisting of <strong>cipher</strong>, <strong>mode of operation</strong> and <strong>padding scheme</strong>. If the latter two are not provided by the developer (as in the code snippet below), the exact behaviour depends on the selected CSP. The default CSP of the JCA selects ECB as mode of operation by default. Unfortunately, in ECB mode, identical plaintext blocks are encrypted to identical ciphertext blocks. Consequently, any encryption of more than one block using this configuration is deemed insecure. To prevent such misuses, contributors may specify how to use their CSP correctly and securely.</p>
+<p>Furthermore, developers of primitives should provide usage rules for their CSP. Any component may be misused and each and every such misuse within a security context leads a potential security vulnerability. To illustrate the necessity for such rules, consider the following two examples. The code snippet in Listing~\ref{lst:enc} is a simple example of a symmetric encryption using the JCA. The call in Line 2 instantiates an object of class <code>Cipher</code>, which is using the symmetric block cipher AES. Although not obvious at first glance, method <code>getInstance()</code> does in fact not expect a single algorithm, but instead a<code>transformation</code> consisting of cipher, mode of operation and padding scheme. If the latter two are not provided by the developer (as in the code snippet below), the exact behaviour depends on the selected CSP. The default CSP of the JCA selects ECB as mode of operation by default. Unfortunately, in ECB mode, identical plaintext blocks are encrypted to identical ciphertext blocks. Consequently, any encryption of more than one block using this configuration is deemed insecure. To prevent such misuses, contributors may specify how to use their CSP correctly and securely.</p>
<pre><code>public byte[] encrypt(byte[] secret, SecretKey key) {
Cipher ciph = new Cipher.getInstance("AES");
@@ -301,11 +289,11 @@
<h3 id="implementation-1">Implementation</h3>
-<p>The implementation for a task may be provided to CogniCrypt as source code or a jar file. In this case, application developers get direct access to the code. If task developers do not wish to share the source code, they may provide access to the task’s functionality indirectly through an API. Suppose a task developer wants to offer long-term document archiving as a cryptographic task in CogniCrypt. An archive requires the documents to be stored on a hard-disk. To not require the user to manage these files on their own, the task developer offers their archive as a web service that stores the documents on their server. In this case, the task developer does not have to provide any implementation directly to CogniCrypt. A task developer may choose to let the application developer configure the task in terms of used algorithms among other things. This configuration is done through the dialogue system after the CogniCrypt user selects a task they want to implement.</p>
+<p>The implementation for a task may be provided to CogniCrypt as source code or a jar file. In this case, application developers get direct access to the code. If task developers do not wish to share the source code, they may provide access to the task’s functionality indirectly through an API. Suppose a task developer wants to offer long-term document archiving as a cryptographic task in CogniCrypt. An archive requires the documents to stored on a hard-disk. To not require the user to manage these files on their own, the task developer offers their archive as a web service that stores the documents on their server. In this case, the task developer does not have to provide any implementation directly to CogniCrypt. A task developer may choose to let the application developer configure the task in terms of used algorithms among other things. This configuration is done through the dialogue system after the CogniCrypt user selects a task they want to implement.</p>
<h3 id="usage-rules-1">Usage Rules</h3>
-<p>Task developers must further provide usage rules for this component. CogniCrypt then automatically and continuously applies static analyses based on these rules in the background to ensure the code stays secure. These usage rules have to be provided in the specification language <a href="../documentation/crysl">CrySL</a>.</p>
+<p>Task developers must further provide usage rules for component. CogniCrypt then automatically and continuously applies static analyses based on these rules in the background to ensure the code stays secure. These usage rules have to be provided in the specification language <a href="../documentation/crysl">CrySL</a>.</p>
<h3 id="configuration-questions">Configuration Questions</h3>
