[guardian-dev] OpenPGP Keychain 2.1 with new API

Hans of Guardian hans at guardianproject.info
Mon Sep 16 12:39:14 EDT 2013 

Querying for an API version is a good thing to include in the API from the beginning, but I don't think it really addresses the issue of an optional PGP/MIME API, which seems like a separate sub-API, rather than an newer enhancement of the OpenPGP API.

OpenPGP and OpenPGP/MIME are separate RFCs, so it makes sense to me that they'd be separate APIs:

OpenPGP
http://tools.ietf.org/html/rfc2440
http://tools.ietf.org/html/rfc4880

OpenPGP/MIME
http://tools.ietf.org/html/rfc3156

.hc

On Sep 16, 2013, at 12:25 PM, Dominik Schürmann wrote:

> 1) I would propose puttin a meta-data tag into the service definition.
> See
> http://developer.android.com/guide/topics/manifest/meta-data-element.html
> and in my manifest:
> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain/AndroidManifest.xml#L396
> 
> The tag is called "api_version". Then when querying openpgp providers
> providing "org.openintents.openpgp.IOpenPgpService" you can also query
> for a specific api_version.
> 
> 2) This is basically no API problem. Every openpgp app can decide on
> itself what to do with it.
> 
> Regards
> Dominik
> 
> On 16.09.2013 18:13, Oliver Gasser wrote:
>> Hi all,
>> 
>> On 09/16/2013 05:01 PM, Dominik Schürmann wrote:
>>> Sry for the double-email.
>>> 
>>> After re-reading the old emails in this thread:
>>> It seems we disagree on the part whether MIME should be handled by
>>> k9mail or the PGP app.
>> 
>> exactly, this is a very important decision that needs to be taken as it
>> massively influences the API and its interaction with clients.
>> 
>>> 
>>> I think it's a two sided sword: On one side, I don't want to add much
>>> more parameters to these functions and I think MIME support is actually
>>> something that is more part of the mail program than the PGP app.
>>> 
>>> On the other side, it _could_ help its adoption when implemented in the
>>> PGP app. This would also mean, that normal MIME handling in k9mail must
>>> be ignored when handling PGP emails and instead letting the PGP app
>>> parse it. If we want to do this, I would also introducing special Mime
>>> functions, like you proposed.
>>> 
>>> Regards
>>> Dominik
>> 
>> If we let the mail program do the parsing and the API does just basic
>> encryption/decryption and signing/verification the API stays small and
>> simple. The mail program would have to identify the multipart
>> boundaries, hand them to the API and display the result.
>> 
>> If the API would fully support PGP/MIME itself (like e.g. GnuPG already
>> does) the mail client could hand the complete PGP/MIME message to the
>> API which would then identify the relevant parts, decrypt and/or verify.
>> The mail client would then display the returned result.
>> 
>> Both approaches are viable. What is the opinion of the gpg-android
>> people about this?
>> 
>> Two more questions:
>> 1) How do we intend to handle versioning of the API? What if we change a
>> function after the API had been released?
>> 2) How do we handle application/pgp-keys in messages?
>> 
>> Regards,
>> Oliver
>> 
>>> 
>>> On 16.09.2013 16:31, Dominik Schürmann wrote:
>>>> Hi Oliver,
>>>> 
>>>> thanks for your feedback. This helps getting forward :)
>>>> 
>>>> On 16.09.2013 15:44, Oliver Gasser wrote:
>>>>> Regarding PGP/MIME and the API's (future) support for it: Did you
>>>>> envision that PGP/MIME encryption/signing would also be handled by
>>>>> IOpenPgpService.signAndEncrypt()? How would you signal this (parameter
>>>>> or maybe different function "signAndEncryptMime()")?
>>>> 
>>>> I am not sure if we need to differentiate. The actual handling of MIME
>>>> should be solely done on k9mail's side in my opinion. The content parts
>>>> of MIME emails are normal ascii armored (Radix-64) OpenPGP conform
>>>> content. Do I miss something?
>>>> 
>>>>> The comment of IOpenPgpService.decryptAndVerify() states, that it
>>>>> handles also the case of signature only. What about encryption only?
>>>>> There should be something like
>>>>> OpenPgpSignatureResult.SIGNATURE_NOT_AVAILABLE. Is this what
>>>>> OpenPgpSignatureResult.SIGNATURE_UNKNOWN is for? Some more documentation
>>>>> about the constants would be great :-)
>>>> 
>>>> You are right. I added more documentation to these classes:
>>>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain/src/org/openintents/openpgp/IOpenPgpService.aidl
>>>> https://github.com/dschuermann/openpgp-keychain/blob/master/OpenPGP-Keychain/src/org/openintents/openpgp/OpenPgpSignatureResult.java
>>>> 
>>>> So encrypted-only content have signatureResult=null in callback's
>>>> onSuccess() after decryptAndVerify().
>>>> I renamed SIGNATURE_UNKNOWN to SIGNATURE_UNKNOWN_PUB_KEY
>>>> 
>>>> Regards
>>>> Dominik
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Guardian-dev mailing list
>>>> 
>>>> Post: Guardian-dev at lists.mayfirst.org
>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>> 
>>>> To Unsubscribe
>>>>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>>        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/dominik%40dominikschuermann.de
>>>> 
>>>> You are subscribed as: dominik at dominikschuermann.de
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Guardian-dev mailing list
>>> 
>>> Post: Guardian-dev at lists.mayfirst.org
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>> 
>>> To Unsubscribe
>>>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>>>        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/oliver%40flowriver.net
>>> 
>>> You are subscribed as: oliver at flowriver.net
>>> 
> 
> _______________________________________________
> Guardian-dev mailing list
> 
> Post: Guardian-dev at lists.mayfirst.org
> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> 
> To Unsubscribe
>        Send email to:  Guardian-dev-unsubscribe at lists.mayfirst.org
>        Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/hans%40guardianproject.info
> 
> You are subscribed as: hans at guardianproject.info

More information about the Guardian-dev mailing list