[guardian-dev] OpenPGP Keychain 2.1 with new API

Dominik Schürmann dominik at dominikschuermann.de
Tue Sep 10 09:15:04 EDT 2013


Thanks. Haven't touched that part of the app in recent commits :)
Those key lengths will be removed.

Regards
Dominik

On 10.09.2013 15:01, Natanael wrote:
> The expert key generation mode has options for generating 512 & 1024 bit
> RSA keys. The former is conclusively proven insecure and breakable, and the
> latter is widely considered insecure, and it's recommended to NOT use keys
> of that length. Those two options should be removed. 2048+ bits are however
> still considered secure.
> On 10 Sep 2013 12:45, "Dominik Schürmann" <
> dominik at dominikschuermann.de> wrote:
> 
>> TL;DR:
>> Try out the new OpenPGP Keychain API:
>> Keychain:
>>
>> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain
>> API Demo:
>>
>> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
>>
>> (also sent to guardian-dev mailing list)
>>
>> Long version:
>> As discussed previously I now present my new Crypto API that I propose
>> for integration into k9mail. All apps wanting to use this generic API
>> just need to include the AIDL files and connect to the service. Other
>> crypto apps can implement a service based on this AIDL definition.
>>
>> Design
>> ------
>> The API is designed to be as easy as possible to use by apps like
>> k9mail. The service definition defines
>> sign/encrypt/signAndEncrypt/decryptAndVerify [1].
>> As can be seen, the apps themselves never need to handle key ids directly.
>> Only user ids (emails) are used to define recipients. If more than one
>> pub key exists for an email, OpenPGP Keychain will handle the problem by
>> showing a selection screen.
>> Also app devs never need to fiddle with private keys. On first
>> operation, OpenPGP Keychain shows an activity to allow or disallow
>> access, while also allowing to choose the private key used for this app.
>> Please try the Demo app out to see how it works [4].
>>
>> Integration
>> -----------
>> The API is defined as AIDL interfaces in the org.openintents.crypto package
>> [2]. All files from [2] need to be included in the project.
>> Using the CryptoServiceConnection.java [3] you can choose to which
>> crypto provider you want to connect (other pgp apps can implement the
>> interfaces). They can be queried as shown in the demo app (see [3] how
>> to query). If other crypto apps implement the service, no additional
>> code is required in k9mail per provider. See [3] for a complete example
>> for integration.
>>
>> ToDos
>> -----
>> - error handling needs improvements
>> - signature results need improvements (should also contain email address)
>> - Integration in k9mail
>>
>> Feedback
>> --------
>> I would like to hear your opinions and directions this API should take.
>>
>> Regards
>> Dominik Schürmann
>>
>>
>> [1]
>>
>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoService.aidl
>>
>> [2]
>>
>> https://github.com/dschuermann/openpgp-keychain/tree/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto
>>
>> [3]
>>
>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoServiceConnection.java
>>
>> [3]
>>
>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/sufficientlysecure/keychain/demo/CryptoProviderDemoActivity.java
>>
>> [4]
>>
>> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
>>
>>
> 
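
Added example (not part of the original messages and not OpenPGP Keychain code): removing the 512 and 1024 bit options stops new short keys, but keys already in a keyring still need to be found. This sketch walks the packets of a binary OpenPGP keyring (for instance the output of `gpg --export`) and reports version 4 RSA key packets whose modulus is shorter than 2048 bits; the function names are hypothetical and the sample packets are constructed, not real keys.

```python
MIN_RSA_BITS = 2048        # threshold from the thread: 2048+ bits still acceptable
RSA_ALGOS = {1, 2, 3}      # RFC 4880 public-key algorithm IDs for RSA
KEY_TAGS = {5, 6, 7, 14}   # secret/public key and subkey packet tags

def packets(data):
    """Yield (tag, body) for each packet in a binary (de-armored) OpenPGP blob."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("no OpenPGP packet header at offset %d" % pos)
        pos += 1
        if hdr & 0x40:                               # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:
                raise ValueError("partial body length: not expected in a keyring")
        else:                                        # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length: not expected in a keyring")
            size = (1, 2, 4)[ltype]
            length, pos = int.from_bytes(data[pos:pos + size], "big"), pos + size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def weak_rsa_keys(data, min_bits=MIN_RSA_BITS):
    """Return (tag, modulus_bits) for each v4 RSA key packet below min_bits."""
    weak = []
    for tag, body in packets(data):
        if tag in KEY_TAGS and len(body) > 8 and body[0] == 4 and body[5] in RSA_ALGOS:
            declared = int.from_bytes(body[6:8], "big")   # MPI header: bit count of n
            n = int.from_bytes(body[8:8 + (declared + 7) // 8], "big")
            if n.bit_length() < min_bits:                 # measure n, don't trust header
                weak.append((tag, n.bit_length()))
    return weak

def sample_key_packet(bits):
    """Constructed input: old-format v4 RSA public-key packet, dummy modulus."""
    n = (1 << (bits - 1)) | 1                        # right size, not a real key
    mpi_n = bits.to_bytes(2, "big") + n.to_bytes((bits + 7) // 8, "big")
    body = b"\x04" + bytes(4) + b"\x01" + mpi_n + b"\x00\x11\x01\x00\x01"
    return b"\x99" + len(body).to_bytes(2, "big") + body
```

Tag 6 in the result is a primary public key and tag 14 a public subkey; ASCII-armored input has to be de-armored before it is passed in.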
