[guardian-dev] OpenPGP Keychain 2.1 with new API

Hans-Christoph Steiner hans at guardianproject.info
Tue Sep 10 14:36:03 EDT 2013


Hey Dominik,

It's great to see you moving forward with this, I hope we can also start soon
to contribute more to the effort.

About the API naming, I think that using the term "crypto" is far too broad.
The API seems to only cover OpenPGP, and not other aspects of crypto like
hashes, symmetric encryption, etc.  I think the class names should be OpenPGP
instead of Crypto and the API should be called org.openintents.openpgp instead
of org.openintents.crypto.  I suppose org.openintents.crypto.openpgp could be
an option.  But org.openintents.crypto.ICryptoService.encrypt() will be quite
confusing if someone includes AES-256, or even homomorphic crypto in their
crypto service.

In trying out the demo, I noticed a few things, I'm not sure how much they
reflect the API or the demo app:

* I ran encryptAndSign and typed a bad passphrase, and it just went ahead and
encrypted the data and moved on (I assume that means it did not sign the
data).  I think that the OpenPGP service should handle getting the passphrase
in a way that is entirely transparent to the app requesting the action.

* clicking on "Crypto Provider" in the demo made me choose "OpenPGP Keychain"
each time.  It doesn't seem to remember the association.

* importing a secring.gpg file did not add my key to the list of public keys,
only to the secret key list, so I can't encrypt to my own key.  I had to
separately import the public key for it to show up in the public key list.

* after doing the above, now it seems that all signing operations ("sign",
"encrypt and sign", "decrypt and verify") from the Demo app cause "OpenPGP
Keychain" to crash.  I sent a crash report.  I think it's crashing when the
ciphertext isn't what it expects, but that's a guess.

.hc


On 09/10/2013 06:45 AM, Dominik Schürmann wrote:
> TL;DR:
> Try out the new OpenPGP Keychain API:
> Keychain:
> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain
> API Demo:
> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
> 
> (also sent to guardian-dev mailing list)
> 
> Long version:
> As discussed previously I now present my new Crypto API that I propose
> for integration into k9mail. All apps wanting to use this generic API
> just need to include the AIDL files and connect to the service. Other
> crypto apps can implement a service based on this AIDL definition.
> 
> Design
> ------
> The API is designed to be as easy as possible to use by apps like
> k9mail. The service definition defines
> sign/encrypt/signAndEncrypt/decryptAndVerify [1].
> As can be seen the apps themselves never need to handle key ids directly.
> Only user ids (emails) are used to define recipients. If more than one
> pub key exists for an email, OpenPGP Keychain will handle the problem by
> showing a selection screen.
> Also app devs never need to fiddle with private keys. On first
> operation, OpenPGP Keychain shows an activity to allow or disallow
> access, while also allowing to choose the private key used for this app.
> Please try the Demo app out to see how it works [4].
> 
> Integration
> -----------
> The API is defined as AIDL interfaces in org.openintents.crypto package
> [2]. All files from [2] need to be included in the project.
> Using the CryptoServiceConnection.java [3] you can choose to which
> crypto provider you want to connect (other pgp apps can implement the
> interfaces). They can be queried as shown in the demo app (see [3] how
> to query). If other crypto apps implement the service, no additional
> code is required in k9mail per provider. See [3] for a complete example
> for integration.
> 
> ToDos
> -----
> - error handling needs improvements
> - signature results need improvements (should also contain email address)
> - Integration in k9mail
> 
> Feedback
> --------
> I would like to hear your opinions and directions this API should take.
> 
> Regards
> Dominik Schürmann
> 
> 
> [1]
> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoService.aidl
> 
> [2]
> https://github.com/dschuermann/openpgp-keychain/tree/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto
> 
> [3]
> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoServiceConnection.java
> 
> [3]
> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/sufficientlysecure/keychain/demo/CryptoProviderDemoActivity.java
> 
> [4]
> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
> 
> 
> 

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
