[guardian-dev] GPG+Android pinentry status

Abel Luck abel at guardianproject.info
Wed Jan 2 11:25:31 EST 2013


Hans-Christoph Steiner:
> 
> Its all building on the build server, that's good news :)
> 
> I am pretty sure that gpg2 <---> gpg-agent was working because I was able to
> verify and encrypt files.  As far as I understand it, in GnuPG 2.1, the gpg2
> does no work on its own, but only serves as an interface to gpg-agent, which
> now does all the work.  I'm also able to download a key from the keyserver,
> but maybe that skips gpg-agent and just uses dirmngr.
> 

I haven't tried encrypting, but decrypting is definitely failing because
gpg2 can't communicate with gpg-agent (I'll post some logs soonish).


> Now, I just tried the "List Keys" test option from the menu, which definitely
> uses gpg-agent and definitely worked before.  That caused gpg-agent to crash.
>  Could the new pinentry stuff be causing this?
> 
I very much doubt it... but you never know. I recall not being able to
list keys before many of my changes. Possibly some recent commits or
android build patches are the cause?

> .hc
> 
> On 12/29/2012 01:50 PM, Abel Luck wrote:
>> __ Where is my android pinentry? __
>>
>> We're so close to a working pinentry. All the pieces have fallen into
>> place, though they fell haphazardly and it's all quite a mess.
>>
>> This is all somewhat convoluted so I thought I'd do a bit of
>> documentation real quick. Eventually this will go into actual docs in
>> the source tree, but I need to brain dump first.
>>
>> __ Show me the Beasty __
>>
>> So you want to decrypt that email you say? Here's how that'll work:
>>
>> Component interaction in my hastily spewed ascii chart format:
>>
>> ("<--->" is IPC)
>>
>> [ User action e.g., decrypt ]
>>             |
>> 1.   gpg2 --decrypt secret_msg
>>             |
>> 2.   gpg2 <---> gpg-agent
>>             |
>> 3.  gpg-agent <---> pinentry-android (p-a)
>>             |
>> 4.   p-a invokes PINEntry Activity (P-A)
>>             |
>> 5.  (P-A) <---> p-a
>>             |
>>     [ User types PIN ]
>>
>> gpg2 is what you think it is
>> gpg-agent is GPG's daemon that manages secret keys
>> pinentry-android is the C command line utility
>> PINEntry Activity is the Java/Android GUI for inputing the PIN
>>
>> As you can see we're nomming hard on that yummy unixy IPC.
>>
>> __But Does It Work?__
>>
>> 1. works, but doesn't decrypt as it can't talk to gpg-agent (see 2)
>> 2. not working
>> 3. unknown (blocking on 2)
>> 4. works
>> 5. works, but no useful data is passed yet
>>
>> __ So nothing really works? __
>>
>> Basically.
>>
>> __ And then? __
>>
>> The next step is to sit down with gpg-agent and gpg2 and have a little
>> relationship counseling.
>>
>> Then, assuming 3 works (hah!), we need to teach PIN Entry Activity
>> gpg-agent's language (known as Assuan) or translate it into something
>> simpler (I'm betting on the latter).
>>
>> __Where is all this crap?__
>>
>> I simplified things down to two repos.
>>
>> pinentry-android lives in the actual gnupg pinentry source tree, but
>> since we haven't submitted anything upstream yet, it lives in my
>> personal repo. Hopefully this will go back upstream to the good GnuPG
>> guardians.
>> https://github.com/abeluck/pinentry/tree/android
>>
>> PINEntry Activity lives in gnupg-for-android along with the cross
>> compiled gpg2, gpg-agent and pinentry
>> https://github.com/guardianproject/gnupg-for-android
>>
>> __ So I came here, read this, and get nothing? __
>>
>> False! You'll be leaving with a warm fuzzy feeling secure in the fact
>> that pinentry on Android is not too far off.
>>
>> _______________________________________________
>> Guardian-dev mailing list
>>
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>> To Unsubscribe
>>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>>
>> You are subscribed as: hans at guardianproject.info
>>
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>         Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>         Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
> 
> You are subscribed as: abel at guardianproject.info
> 



More information about the Guardian-dev mailing list