[guardian-dev] Sharing encrypted content with other apps

Hans-Christoph Steiner hans at guardianproject.info
Wed Jan 29 12:26:06 EST 2014



On 01/28/2014 07:03 PM, Mark Murphy wrote:
> On Tue, Jan 28, 2014, at 15:54, Michael Rogers wrote:
>> I've been pondering whether it's possible for an Android app to share
>> encrypted content - for example, an image stored in a SQLCipher
>> database - with another app, without first creating an unencrypted
>> copy of the content on disk.
> 
> Create a ContentProvider that implements openFile(), using
> ParcelFileDescriptor and createPipe() to stream your content from heap
> space, based upon your SQLCipher query. So long as the other party needs
> a forward-only stream (i.e., no rewinding), a content:// Uri pointing at
> your provider should work fine. Note that media playback, in particular,
> tends to want rewinding, as I think was discussed on this list last
> year.
> 
> Here's a sample:
> 
> https://github.com/commonsguy/cw-omnibus/tree/master/ContentProvider/Pipe
> 
> In my case, I am reading the data from a file, to keep the sample
> simple, but you could get your data from anything you wanted, including
> an encrypted source.
> 
> The catch is that you need to be in position to do the decryption, which
> means that you have the passphrase. If the trigger for wanting to share
> the content is the user doing something in your UI, you can make sure
> that you have the passphrase before calling startActivity() to request
> the other app to do something with your content://, so you will be able
> to decrypt it. This will not work nearly so well if the content can be
> requested at arbitrary points in time, as your process may be gone and
> you may not be in position to get the passphrase. That's the stumbling
> block that I ran into when pondering wrapping IOCipher in my
> StreamProvider (an extension of Google's FileProvider for serving
> content from more sources), and I haven't gotten back around to try to
> deal with this.

We've been looking at this in two parts: first, figuring out ways to include a
stream in the Intent; and second, figuring out techniques of securely sending
and receiving Intents.

For streams, we have started with Mark's example above and used that as the
base.  That lets us send a stream from an IOCipher filesystem to another app.
We're also working with UNIX domain sockets on the file system to be able to
pass a File object, and have reads/writes to that File happen in IOCipher.

Android has some nice tools like Signature checking for Intents, but if you
need something a little bit looser, there aren't any options built in.  I
recently wrote a blog post sketching out the issues and our ideas to address them:

https://guardianproject.info/2014/01/21/improving-trust-and-flexibility-in-interactions-between-android-apps/

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
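The pipe-based provider Mark describes, put together as an added example for this thread (it is not code from the CommonsWare sample, from Guardian Project, or from either poster). It serves an image row from a SQLCipher database through ParcelFileDescriptor.createPipe() so no plaintext ever lands on disk, refuses callers that are not signed with the app's own key, and refuses when the passphrase-protected database is not already open, which is the "process may be gone" case in the reply above. The package name, AUTHORITY, the images(_id, data) table, the Session holder and the JPEG-only getType() are all hypothetical.

```java
package info.example.share; // hypothetical package

import android.content.ContentProvider;
import android.content.ContentUris;
import android.content.ContentValues;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.net.Uri;
import android.os.Binder;
import android.os.ParcelFileDescriptor;
import android.os.Process;

import net.sqlcipher.database.SQLiteDatabase;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.OutputStream;

/**
 * Streams an image stored in a SQLCipher database to another app through a
 * pipe. SQLCipher decrypts the row into heap; the bytes go straight into the
 * write end of the pipe and never touch the file system.
 */
public class DecryptedImageProvider extends ContentProvider {
    public static final String AUTHORITY = "info.example.share.images"; // hypothetical
    private static final int CHUNK = 16 * 1024;

    @Override public boolean onCreate() { return true; }

    @Override
    public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
        // The pipe is forward-only and we only ever produce data, so reject
        // anything but plain read mode.
        if (!"r".equals(mode)) {
            throw new FileNotFoundException("read-only provider: " + uri);
        }

        // Only hand plaintext to a caller signed with our own key (Android's
        // built-in signature check). Relax this deliberately if other apps
        // are meant to receive the stream.
        PackageManager pm = getContext().getPackageManager();
        if (pm.checkSignatures(Binder.getCallingUid(), Process.myUid())
                != PackageManager.SIGNATURE_MATCH) {
            throw new FileNotFoundException("caller not trusted: " + uri);
        }

        // Session (hypothetical) holds the database opened with the passphrase
        // when the user unlocked the app. After a process restart it is null,
        // and we refuse rather than try to obtain the passphrase inside a
        // Binder call.
        final SQLiteDatabase db = Session.database();
        if (db == null) {
            throw new FileNotFoundException("store is locked: " + uri);
        }
        final long id = ContentUris.parseId(uri);

        final ParcelFileDescriptor[] pipe;
        try {
            pipe = ParcelFileDescriptor.createPipe();
        } catch (IOException e) {
            throw new FileNotFoundException("cannot create pipe: " + e.getMessage());
        }

        // Writer thread: copy the decrypted blob into the write end in chunks.
        // Closing the stream gives the reader EOF; if the reader goes away
        // first, write() fails and we just clean up.
        final OutputStream out = new ParcelFileDescriptor.AutoCloseOutputStream(pipe[1]);
        new Thread(new Runnable() {
            @Override public void run() {
                Cursor c = null;
                try {
                    c = db.rawQuery("SELECT data FROM images WHERE _id = ?",
                            new String[] { String.valueOf(id) });
                    if (c.moveToFirst()) {
                        byte[] plain = c.getBlob(0);
                        for (int off = 0; off < plain.length; off += CHUNK) {
                            out.write(plain, off, Math.min(CHUNK, plain.length - off));
                        }
                    }
                } catch (IOException e) {
                    // Reader closed its end (EPIPE) or similar; nothing more to do.
                } finally {
                    if (c != null) c.close();
                    try { out.close(); } catch (IOException ignored) { }
                }
            }
        }, "image-pipe-writer").start();

        return pipe[0]; // the read end is what the requesting app receives
    }

    @Override public String getType(Uri uri) { return "image/jpeg"; } // hypothetical: all rows are JPEG
    @Override public Cursor query(Uri u, String[] p, String s, String[] a, String o) { return null; }
    @Override public Uri insert(Uri u, ContentValues v) { throw new UnsupportedOperationException(); }
    @Override public int delete(Uri u, String s, String[] a) { throw new UnsupportedOperationException(); }
    @Override public int update(Uri u, ContentValues v, String s, String[] a) { throw new UnsupportedOperationException(); }
}
```

The sharing app builds content://info.example.share.images/<id> and passes it in the Intent with FLAG_GRANT_READ_URI_PERMISSION, doing so from its own UI so the database is certainly open at that moment. Because the read end is a pipe, a receiver that seeks (media players, as noted above) will fail; a receiver that reads straight through, such as an image decoder, works as described.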

