[guardian-dev] GPG+Android pinentry status

Hans of Guardian hans at guardianproject.info
Wed Jan 2 11:47:14 EST 2013


On Jan 2, 2013, at 11:25 AM, Abel Luck wrote:

> Hans-Christoph Steiner:
>> 
>> Its all building on the build server, that's good news :)
>> 
>> I am pretty sure that gpg2 <---> gpg-agent was working because I was able to
>> verify and encrypt files.  As far as I understand it, in GnuPG 2.1, the gpg2
>> does no work on its own, but only serves as an interface to gpg-agent, which
>> now does all the work.  I'm also able to download a key from the keyserver,
>> but maybe that skips gpg-agent and just uses dirmngr.
>> 
> 
> I haven't tried encrypting, but decrypting is definitely failing because
> gpg2 can't communicate with gpg-agent (I'll post some logs soonish).
> 
> 
>> Now, I just tried the "List Keys" test option from the menu, which definitely
>> uses gpg-agent and definitely worked before.  That caused gpg-agent to crash.
>> Could the new pinentry stuff be causing this?
>> 
> I very much doubt it... but you never know. I recall not being able to
> list keys before many of my changes. Possibly some recent commits or
> android build patches are the cause?

Its possible the new changes in gnupg are the culprit.  I definitely was using list keys as a test case before, but I haven't tried it in a while.

.hc








>> .hc
>> 
>> On 12/29/2012 01:50 PM, Abel Luck wrote:
>>> __ Where is my android pinentry? __
>>> 
>>> We're so close to a working pinentry. All the pieces have fallen into
>>> place, though they fell haphazardly and it's all quite a mess.
>>> 
>>> This is all somewhat convoluted so I thought I'd do a bit of
>>> documentation real quick. Eventually this will go into actual docs in
>>> the source tree, but I need to brain dump first.
>>> 
>>> __ Show me the Beasty __
>>> 
>>> So you want to decrypt that email you say? Here's how that'll work:
>>> 
>>> Component interaction in my hastily spewed ascii chart format:
>>> 
>>> ("<--->" is IPC)
>>> 
>>> [ User action e.g., decrypt ]
>>>            |
>>> 1.   gpg2 --decrypt secret_msg
>>>            |
>>> 2.   gpg2 <---> gpg-agent
>>>            |
>>> 3.  gpg-agent <---> pinentry-android (p-a)
>>>            |
>>> 4.   p-a invokes PINEntry Activity (P-A)
>>>            |
>>> 5.  (P-A) <---> p-a
>>>            |
>>>    [ User types PIN ]
>>> 
>>> gpg2 is what you think it is
>>> gpg-agent is GPG's daemon that manages secret keys
>>> pinentry-android is the C command line utility
>>> PINEntry Activity is the Java/Android GUI for inputing the PIN
>>> 
>>> As you can see we're nomming hard on that yummy unixy IPC.
>>> 
>>> __But Does It Work?__
>>> 
>>> 1. works, but doesn't decrypt as it can't talk to gpg-agent (see 2)
>>> 2. not working
>>> 3. unknown (blocking on 2)
>>> 4. works
>>> 5. works, but no useful data is passed yet
>>> 
>>> __ So nothing really works? __
>>> 
>>> Basically.
>>> 
>>> __ And then? __
>>> 
>>> The next step is to sit down with gpg-agent and gpg2 and have a little
>>> relationship counseling.
>>> 
>>> Then, assuming 3 works (hah!), we need to teach PIN Entry Activity
>>> gpg-agent's language (known as Assuan) or translate it into something
>>> simpler (I'm betting on the latter).
>>> 
>>> __Where is all this crap?__
>>> 
>>> I simplified things down to two repos.
>>> 
>>> pinentry-android lives in the actual gnupg pinentry source tree, but
>>> since we haven't submitted anything upstream yet, it lives in my
>>> personal repo. Hopefully this will go back upstream to the good GnuPG
>>> guardians.
>>> https://github.com/abeluck/pinentry/tree/android
>>> 
>>> PINEntry Activity lives in gnupg-for-android along with the cross
>>> compiled gpg2, gpg-agent and pinentry
>>> https://github.com/guardianproject/gnupg-for-android
>>> 
>>> __ So I came here, read this, and get nothing? __
>>> 
>>> False! You'll be leaving with a warm fuzzy feeling secure in the fact
>>> that pinentry on Android is not too far off.
>>> 
>>> _______________________________________________
>>> Guardian-dev mailing list
>>> 
>>> Post: Guardian-dev at lists.mayfirst.org
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>> 
>>> To Unsubscribe
>>>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
>>> 
>>> You are subscribed as: hans at guardianproject.info
>>> 
>> _______________________________________________
>> Guardian-dev mailing list
>> 
>> Post: Guardian-dev at lists.mayfirst.org
>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>> 
>> To Unsubscribe
>>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/abel%40guardianproject.info
>> 
>> You are subscribed as: abel at guardianproject.info
>> 
> 
> 
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel



More information about the Guardian-dev mailing list