[guardian-dev] OpenPGP Keychain 2.1 with new API

Oliver Gasser oliver at flowriver.net
Fri Sep 13 11:26:01 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I think that PGP/MIME support in the new API would definitely help its
adoption (especially in k9mail). This feature would be a real benefit
which you could point developers and users to: In combination with
OpenPGP Keychain (or also GnuPG on Android) k9mail is finally able to
work as a fully-enabled PGP mail client.

So my idea is to first design a viable OpenPGP API including PGP/MIME as
an essential part. And once we are happy with that we can implement both
the k9mail part as well as the OpenPGP Keychain part.

I of course offer my help in this process.

Regards,
Oliver


On 09/13/2013 05:04 PM, Dominik Schürmann wrote:
> Hi Oliver,
> 
> currently no. We are working on getting the new API for PGP/INLINE into
> k9mail before moving on with PGP/MIME.
> 
> Regards
> Dominik
> 
> On 13.09.2013 16:50, Oliver Gasser wrote:
> 
> 
> On 13.09.2013 16:50, Oliver Gasser wrote:
>> Does OpenPGP Keychain support PGP/MIME, i.e. can I take an encrypted
>> and signed email including the headers and feed all of it to the app
>> and it will return the decrypted text and the signature verification
>> status?
>> I know that gpg can do this on the desktop, not sure about the GnuPG
>> Android App though.
>>
>> On 09/10/2013 12:45 PM, Dominik Schürmann wrote:
>>> TL;DR: Try out the new OpenPGP Keychain API: Keychain: 
>>> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain
>>
>>
>> API Demo:
>>> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
>>
>>>  (also send to guardian-dev mailinglist)
>>
>>> Long version: As discussed previously I now present my new Crypto
>>> API that I propose for integration into k9mail. All apps wanting to
>>> use this generic API just need to include the AIDL files and
>>> connect to the service. Other crypto apps can implement a service
>>> based on this AIDL definition.
>>
>>> Design ------ The API is designed to be as easy as possible to use
>>> by apps like k9mail. The service definition defines 
>>> sign/encrypt/signAndEncrypt/decryptAndVerify [1]. As can be seen
>>> the apps themselves never need handle key ids directly. Only user
>>> ids (emails) are used to define recipients. If more than one pub
>>> key exists for an email, OpenPGP Keychain will handle the problem
>>> by showing a selection screen. Also app devs never need to fiddle
>>> with private keys. On first operation, OpenPGP Keychain shows an
>>> activity to allow or disallow access, while also allowing to choose
>>> the private key used for this app. Please try the Demo app out to
>>> see how it works [4].
>>
>>> Integration ----------- The API is defined as AIDL interfaces in
>>> org.openintents.crypto packge [2]. All files from [2] needs to be
>>> included in the project. Using the CryptoServiceConnection.java [3]
>>> you can choose to which crypto provider you want to connect (other
>>> pgp apps can implement the interfaces). They can be queried as
>>> shown in the demo app (see [3] how to query). If other crypto apps
>>> implement the service, no additional code is required in k9mail per
>>> provider. See [3] for a complete example for integration.
>>
>>> ToDos ----- - error handling needs improvements - signature results
>>> needs improvements (should also contain email address) -
>>> Integration in k9mail
>>
>>> Feedback -------- I would like to hear your opinions and directions
>>> this API should take.
>>
>>> Regards Dominik Schürmann
>>
>>
>>> [1] 
>>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoService.aidl
>>
>>>  [2] 
>>> https://github.com/dschuermann/openpgp-keychain/tree/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto
>>
>>>  [3] 
>>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoServiceConnection.java
>>
>>>  [3] 
>>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/sufficientlysecure/keychain/demo/CryptoProviderDemoActivity.java
>>
>>>  [4] 
>>> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
>>
>>
>>
>>
>>> _______________________________________________ Guardian-dev
>>> mailing list
>>
>>> Post: Guardian-dev at lists.mayfirst.org List info:
>>> https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>
>>> To Unsubscribe Send email to:
>>> Guardian-dev-unsubscribe at lists.mayfirst.org Or visit:
>>> https://lists.mayfirst.org/mailman/options/guardian-dev/oliver%40flowriver.net
>>
>>>  You are subscribed as: oliver at flowriver.net
>>
> Does OpenPGP Keychain support PGP/MIME, i.e. can I take an encrypted
> and signed email including the headers and feed all of it to the app
> and it will return the decrypted text and the signature verification
> status?
> I know that gpg can do this on the desktop, not sure about the GnuPG
> Android App though.
> 
> On 09/10/2013 12:45 PM, Dominik Schürmann wrote:
>>>> TL;DR: Try out the new OpenPGP Keychain API: Keychain: 
>>>> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain
>>>>
>>>>
> API Demo:
>>>> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
>>>>
>>>>  (also send to guardian-dev mailinglist)
>>>>
>>>> Long version: As discussed previously I now present my new Crypto
>>>> API that I propose for integration into k9mail. All apps wanting to
>>>> use this generic API just need to include the AIDL files and
>>>> connect to the service. Other crypto apps can implement a service
>>>> based on this AIDL definition.
>>>>
>>>> Design ------ The API is designed to be as easy as possible to use
>>>> by apps like k9mail. The service definition defines 
>>>> sign/encrypt/signAndEncrypt/decryptAndVerify [1]. As can be seen
>>>> the apps themselves never need handle key ids directly. Only user
>>>> ids (emails) are used to define recipients. If more than one pub
>>>> key exists for an email, OpenPGP Keychain will handle the problem
>>>> by showing a selection screen. Also app devs never need to fiddle
>>>> with private keys. On first operation, OpenPGP Keychain shows an
>>>> activity to allow or disallow access, while also allowing to choose
>>>> the private key used for this app. Please try the Demo app out to
>>>> see how it works [4].
>>>>
>>>> Integration ----------- The API is defined as AIDL interfaces in
>>>> org.openintents.crypto packge [2]. All files from [2] needs to be
>>>> included in the project. Using the CryptoServiceConnection.java [3]
>>>> you can choose to which crypto provider you want to connect (other
>>>> pgp apps can implement the interfaces). They can be queried as
>>>> shown in the demo app (see [3] how to query). If other crypto apps
>>>> implement the service, no additional code is required in k9mail per
>>>> provider. See [3] for a complete example for integration.
>>>>
>>>> ToDos ----- - error handling needs improvements - signature results
>>>> needs improvements (should also contain email address) -
>>>> Integration in k9mail
>>>>
>>>> Feedback -------- I would like to hear your opinions and directions
>>>> this API should take.
>>>>
>>>> Regards Dominik Schürmann
>>>>
>>>>
>>>> [1] 
>>>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/ICryptoService.aidl
>>>>
>>>>  [2] 
>>>> https://github.com/dschuermann/openpgp-keychain/tree/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto
>>>>
>>>>  [3] 
>>>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/openintents/crypto/CryptoServiceConnection.java
>>>>
>>>>  [3] 
>>>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain-API-Demo/src/org/sufficientlysecure/keychain/demo/CryptoProviderDemoActivity.java
>>>>
>>>>  [4] 
>>>> https://play.google.com/stor/apps/details?id=org.sufficientlysecure.keychain.demo
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________ Guardian-dev
>>>> mailing list
>>>>
>>>> Post: Guardian-dev at lists.mayfirst.org List info:
>>>> https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>
>>>> To Unsubscribe Send email to:
>>>> Guardian-dev-unsubscribe at lists.mayfirst.org Or visit:
>>>> https://lists.mayfirst.org/mailman/options/guardian-dev/oliver%40flowriver.net
>>>>
>>>>  You are subscribed as: oliver at flowriver.net
>>>>
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSMy6JAAoJEPrMBpMTKo61+TQH+QEk4bVzPyD5Nab31s+AuoOl
qO6lb258WQl1Mm40EQ24ldmaap0NKjiCAuagZ1xpTYhN1SuQMm9huS1v34ut6PN2
aNfok3yBW5SrqIh7BxhEPs6JwJ2gW09NnfHoXUgM2I9KP46dfCKeyplr6LkddKTr
77BSV8GsI8F4h5bpD0NGdbt4lkSGi/haORCdi3bRIst3OUBHPd4z6kDfY/EfC0SN
qRvnXnLnZb/mSEBt8owWK518TBUvelhqhrdVl/uIjmb5qpurII1BiwKZDyHgJR7L
fYS6r0D049KOT9Ey9KV8znNTEUm850NelYLuyfEpDRs1/u/SWBHoG/v42/I+h0M=
=ukzs
-----END PGP SIGNATURE-----


More information about the Guardian-dev mailing list