[guardian-dev] OpenPGP Keychain 2.1 with new API

Natanael natanael.l at gmail.com
Tue Sep 10 09:01:29 EDT 2013


The expert key generation mode has options for generating 512 & 1024 bit
RSA keys. The former is conclusively proven insecure and breakable, and the
latter is widely considered insecure, and it's recommended to NOT use keys
of that length. Those two options should be removed. 2048+ bits are however
still considered secure.
On 10 Sep 2013 12:45, "Dominik Schürmann" <
dominik at dominikschuermann.de> wrote:

> TL;DR:
> Try out the new OpenPGP Keychain API:
> Keychain:
>
> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain
> API Demo:
>
> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
>
> (also sent to guardian-dev mailinglist)
>
> Long version:
> As discussed previously I now present my new Crypto API that I propose
> for integration into k9mail. All apps wanting to use this generic API
> just need to include the AIDL files and connect to the service. Other
> crypto apps can implement a service based on this AIDL definition.
>
> Design
> ------
> The API is designed to be as easy as possible to use by apps like
> k9mail. The service definition defines
> sign/encrypt/signAndEncrypt/decryptAndVerify [1].
> As can be seen the apps themselves never need to handle key ids directly.
> Only user ids (emails) are used to define recipients. If more than one
> pub key exists for an email, OpenPGP Keychain will handle the problem by
> showing a selection screen.
> Also app devs never need to fiddle with private keys. On first
> operation, OpenPGP Keychain shows an activity to allow or disallow
> access, while also allowing to choose the private key used for this app.
> Please try the Demo app out to see how it works [4].
>
> Integration
> -----------
> The API is defined as AIDL interfaces in org.openintents.crypto package
> [2]. All files from [2] need to be included in the project.
> Using the CryptoServiceConnection.java [3] you can choose to which
> crypto provider you want to connect (other pgp apps can implement the
> interfaces). They can be queried as shown in the demo app (see [3] how
> to query). If other crypto apps implement the service, no additional
> code is required in k9mail per provider. See [3] for a complete example
> for integration.
>
> ToDos
> -----
> - error handling needs improvements
> - signature results need improvements (should also contain email address)
> - Integration in k9mail
>
> Feedback
> --------
> I would like to hear your opinions and directions this API should take.
>
> Regards
> Dominik Schürmann
>
>
> [1]
>
> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoService.aidl
>
> [2]
>
> https://github.com/dschuermann/openpgp-keychain/tree/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto
>
> [3]
>
> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoServiceConnection.java
>
> [3]
>
> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/sufficientlysecure/keychain/demo/CryptoProviderDemoActivity.java
>
> [4]
>
> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
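Added example, not part of either message above and not OpenPGP Keychain code: a check for keys already generated with the 512 and 1024 bit options, which reads the declared RSA modulus size from version 4 public-key packets (RFC 4880 layout) in binary, non-armored OpenPGP data and reports those under 2048 bits. The function names and the dummy sample packets are constructed for illustration; version 3 keys, partial body lengths and indeterminate-length packets are not handled.

```python
import struct

MIN_RSA_BITS = 2048          # threshold taken from the message above
RSA_ALGOS = {1, 2, 3}        # RFC 4880: RSA, RSA encrypt-only, RSA sign-only
KEY_TAGS = {6, 14}           # public-key and public-subkey packets

def packets(data):
    """Yield (tag, body) for each packet in binary (non-armored) OpenPGP data."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:                     # one-octet length
                length, i = first, i + 2
            elif first < 224:                   # two-octet length
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:                  # five-octet length
                length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                   # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            size = 1 << ltype                   # 1, 2 or 4 length octets
            length = int.from_bytes(data[i + 1:i + 1 + size], "big")
            i += 1 + size
        yield tag, data[i:i + length]
        i += length

def weak_rsa_keys(data, minimum=MIN_RSA_BITS):
    """Return declared modulus sizes (bits) of v4 RSA keys below the minimum."""
    sizes = [int.from_bytes(body[6:8], "big")   # MPI bit count of modulus n
             for tag, body in packets(data)
             if tag in KEY_TAGS and len(body) >= 8
             and body[0] == 4 and body[5] in RSA_ALGOS]
    return [bits for bits in sizes if bits < minimum]

def sample_key_packet(bits, new_format=False):
    """Constructed test input: a v4 RSA public-key packet with a dummy modulus."""
    n = (1 << (bits - 1)) | 1                   # not a real key, only the right size
    body = (b"\x04" + bytes(4) + b"\x01" + bits.to_bytes(2, "big")
            + n.to_bytes((bits + 7) // 8, "big") + b"\x00\x11\x01\x00\x01")
    if new_format:
        return b"\xc6\xff" + struct.pack(">I", len(body)) + body
    return b"\x99" + len(body).to_bytes(2, "big") + body
```

The size reported is the bit count declared in the packet's MPI header, so this is an inventory aid for a keyring rather than a validation of the key material itself.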