[guardian-dev] GPG+Android pinentry status

Hans-Christoph Steiner hans at guardianproject.info
Mon Dec 31 20:00:15 EST 2012 

Its all building on the build server, that's good news :)

I am pretty sure that gpg2 <---> gpg-agent was working because I was able to
verify and encrypt files.  As far as I understand it, in GnuPG 2.1, the gpg2
does no work on its own, but only serves as an interface to gpg-agent, which
now does all the work.  I'm also able to download a key from the keyserver,
but maybe that skips gpg-agent and just uses dirmngr.

Now, I just tried the "List Keys" test option from the menu, which definitely
uses gpg-agent and definitely worked before.  That caused gpg-agent to crash.
 Could the new pinentry stuff be causing this?

.hc

On 12/29/2012 01:50 PM, Abel Luck wrote:
> __ Where is my android pinentry? __
> 
> We're so close to a working pinentry. All the pieces have fallen into
> place, though they fell haphazardly and it's all quite a mess.
> 
> This is all somewhat convoluted so I thought I'd do a bit of
> documentation real quick. Eventually this will go into actual docs in
> the source tree, but I need to brain dump first.
> 
> __ Show me the Beasty __
> 
> So you want to decrypt that email you say? Here's how that'll work:
> 
> Component interaction in my hastily spewed ascii chart format:
> 
> ("<--->" is IPC)
> 
> [ User action e.g., decrypt ]
>             |
> 1.   gpg2 --decrypt secret_msg
>             |
> 2.   gpg2 <---> gpg-agent
>             |
> 3.  gpg-agent <---> pinentry-android (p-a)
>             |
> 4.   p-a invokes PINEntry Activity (P-A)
>             |
> 5.  (P-A) <---> p-a
>             |
>     [ User types PIN ]
> 
> gpg2 is what you think it is
> gpg-agent is GPG's daemon that manages secret keys
> pinentry-android is the C command line utility
> PINEntry Activity is the Java/Android GUI for inputing the PIN
> 
> As you can see we're nomming hard on that yummy unixy IPC.
> 
> __But Does It Work?__
> 
> 1. works, but doesn't decrypt as it can't talk to gpg-agent (see 2)
> 2. not working
> 3. unknown (blocking on 2)
> 4. works
> 5. works, but no useful data is passed yet
> 
> __ So nothing really works? __
> 
> Basically.
> 
> __ And then? __
> 
> The next step is to sit down with gpg-agent and gpg2 and have a little
> relationship counseling.
> 
> Then, assuming 3 works (hah!), we need to teach PIN Entry Activity
> gpg-agent's language (known as Assuan) or translate it into something
> simpler (I'm betting on the latter).
> 
> __Where is all this crap?__
> 
> I simplified things down to two repos.
> 
> pinentry-android lives in the actual gnupg pinentry source tree, but
> since we haven't submitted anything upstream yet, it lives in my
> personal repo. Hopefully this will go back upstream to the good GnuPG
> guardians.
> https://github.com/abeluck/pinentry/tree/android
> 
> PINEntry Activity lives in gnupg-for-android along with the cross
> compiled gpg2, gpg-agent and pinentry
> https://github.com/guardianproject/gnupg-for-android
> 
> __ So I came here, read this, and get nothing? __
> 
> False! You'll be leaving with a warm fuzzy feeling secure in the fact
> that pinentry on Android is not too far off.
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> 
> You are subscribed as: hans at guardianproject.info
>

More information about the Guardian-dev mailing list