[guardian-dev] GPG+Android pinentry status
Hans-Christoph Steiner
hans at guardianproject.info
Mon Dec 31 20:00:15 EST 2012
Its all building on the build server, that's good news :)
I am pretty sure that gpg2 <---> gpg-agent was working because I was able to
verify and encrypt files. As far as I understand it, in GnuPG 2.1, the gpg2
does no work on its own, but only serves as an interface to gpg-agent, which
now does all the work. I'm also able to download a key from the keyserver,
but maybe that skips gpg-agent and just uses dirmngr.
Now, I just tried the "List Keys" test option from the menu, which definitely
uses gpg-agent and definitely worked before. That caused gpg-agent to crash.
Could the new pinentry stuff be causing this?
.hc
On 12/29/2012 01:50 PM, Abel Luck wrote:
> __ Where is my android pinentry? __
>
> We're so close to a working pinentry. All the pieces have fallen into
> place, though they fell haphazardly and it's all quite a mess.
>
> This is all somewhat convoluted so I thought I'd do a bit of
> documentation real quick. Eventually this will go into actual docs in
> the source tree, but I need to brain dump first.
>
> __ Show me the Beasty __
>
> So you want to decrypt that email you say? Here's how that'll work:
>
> Component interaction in my hastily spewed ascii chart format:
>
> ("<--->" is IPC)
>
> [ User action e.g., decrypt ]
> |
> 1. gpg2 --decrypt secret_msg
> |
> 2. gpg2 <---> gpg-agent
> |
> 3. gpg-agent <---> pinentry-android (p-a)
> |
> 4. p-a invokes PINEntry Activity (P-A)
> |
> 5. (P-A) <---> p-a
> |
> [ User types PIN ]
>
> gpg2 is what you think it is
> gpg-agent is GPG's daemon that manages secret keys
> pinentry-android is the C command line utility
> PINEntry Activity is the Java/Android GUI for inputing the PIN
>
> As you can see we're nomming hard on that yummy unixy IPC.
>
> __But Does It Work?__
>
> 1. works, but doesn't decrypt as it can't talk to gpg-agent (see 2)
> 2. not working
> 3. unknown (blocking on 2)
> 4. works
> 5. works, but no useful data is passed yet
>
> __ So nothing really works? __
>
> Basically.
>
> __ And then? __
>
> The next step is to sit down with gpg-agent and gpg2 and have a little
> relationship counseling.
>
> Then, assuming 3 works (hah!), we need to teach PIN Entry Activity
> gpg-agent's language (known as Assuan) or translate it into something
> simpler (I'm betting on the latter).
>
> __Where is all this crap?__
>
> I simplified things down to two repos.
>
> pinentry-android lives in the actual gnupg pinentry source tree, but
> since we haven't submitted anything upstream yet, it lives in my
> personal repo. Hopefully this will go back upstream to the good GnuPG
> guardians.
> https://github.com/abeluck/pinentry/tree/android
>
> PINEntry Activity lives in gnupg-for-android along with the cross
> compiled gpg2, gpg-agent and pinentry
> https://github.com/guardianproject/gnupg-for-android
>
> __ So I came here, read this, and get nothing? __
>
> False! You'll be leaving with a warm fuzzy feeling secure in the fact
> that pinentry on Android is not too far off.
>
> _______________________________________________
> Guardian-dev mailing list
>
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>
> To Unsubscribe
> Send email to: Guardian-dev-unsubscribe at lists.mayfirst.org
> Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>
> You are subscribed as: hans at guardianproject.info
>
More information about the Guardian-dev
mailing list