pinentry for Android questions

Marcus Brinkmann marcus.brinkmann at ruhr-uni-bochum.de
Fri Mar 9 16:50:48 CET 2012


On 03/07/2012 12:22 AM, Hans-Christoph Steiner wrote:
>
> I'm trying to work out how best to implement pinentry for Android.  Right now I'm thinking that it would be easiest to have a 'pinentry-android' which just launches the PassphraseEntry Activity (a core Android GUI class), then have the Java code reply to the UNIX socket using assuan.

That sounds about right, but I couldn't find documentation on 
PassphraseEntry to confirm that it supports the features that pinentry 
should support.  There is a bunch of stuff going on there (description, 
quality bar, error text, prompt, button texts).

Alternatively, the pinentry activity could just implement its own 
interface, as it only requires a couple of widgets.

> Another possibility is having the Java code write a temp file with the response.

Not quite as good, and not only because you commit the passphrase to 
storage.  You don't really want to mug around in gpg-agent to avoid 
calling pinentry through libassuan.  There is a bunch of stuff going on 
there, including gpg-agent reporting back on the quality of the 
passphrase incrementally as it is entered.

> Any examples out there to draw from?  Any suggestions along these lines?

If you look at the pinentry source code, it's quite modular, and you 
only need to implement a single function (that serves several purposes 
though as it configures the widgets of the passphrase entry dialog 
window via a structure).

There are some subtleties in how the interface is expected to behave, 
but nothing too bad.

To keep the build simple, you don't have to integrate the android 
pinentry into the existing pinentry autoconf build, you can just make a 
standalone package.  For this, copy pinentry/pinentry/pinentry.{h,c} and 
use the gtk+-2 implementation as a reference (ignore curses, the old gtk 
pinentry and the qt pinentries).

You might want to (or have to) ignore secmem, it's used to disable swap 
space for passwords.

Thanks,
Marcus
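
Added example (not part of the original message and not pinentry's own code): a sketch of the server side of the Assuan exchange discussed above, covering only the commands that set the description, prompt, error text, button texts and quality bar, plus GETPIN. The struct, function names and the ask_fn UI hook are assumptions of this example, and the greeting and OPTION handling of a real pinentry are left out.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Dialog settings received before GETPIN (struct and field names are this example's own). */
struct dialog { char desc[256], prompt[64], error[256], ok[32], cancel[32]; int quality_bar; };
/* Hypothetical UI hook: fill pin (NUL-terminated) and return 0, or nonzero if the user cancelled. */
typedef int (*ask_fn)(const struct dialog *d, char *pin, size_t n);
/* If line starts with cmd, decode its %XX-escaped argument into dst (n bytes) and return 1. */
static int set_field(const char *line, const char *cmd, char *dst, size_t n) {
    size_t o = 0, c = strlen(cmd);
    if (strncmp(line, cmd, c)) return 0;
    for (const char *s = line + c; *s && o + 1 < n; ) {
        unsigned v;
        if (*s == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2])) {
            sscanf(s + 1, "%2x", &v);
            dst[o++] = (char)v;
            s += 3;
        } else
            dst[o++] = *s++;
    }
    dst[o] = 0;
    return 1;
}
#define SET(cmd, m) set_field(line, cmd, d->m, sizeof d->m)

/* Handle one command line (newline already stripped); write the reply into out, return its length. */
int handle_line(struct dialog *d, const char *line, ask_fn ask, char *out, size_t n) {
    if (SET("SETDESC ", desc) || SET("SETPROMPT ", prompt) || SET("SETERROR ", error) ||
        SET("SETOK ", ok) || SET("SETCANCEL ", cancel)) return snprintf(out, n, "OK\n");
    if (!strcmp(line, "SETQUALITYBAR") || !strncmp(line, "SETQUALITYBAR ", 14)) {
        d->quality_bar = 1;
        return snprintf(out, n, "OK\n");
    }
    if (strcmp(line, "GETPIN")) return snprintf(out, n, "ERR 275 Unknown IPC command\n");
    char buf[128 + 3 * 128 + 1] = "", *pin = buf, *esc = buf + 128;  /* pin, then its escaped form */
    int o = 0, r, cancelled = ask(d, pin, 128);
    for (const char *p = pin; !cancelled && p < esc && *p; p++)  /* '%', CR, LF are escaped in a D line */
        if (strchr("%\r\n", *p)) o += sprintf(esc + o, "%%%02X", (unsigned char)*p);
        else esc[o++] = *p;
    esc[o] = 0;
    r = cancelled ? snprintf(out, n, "ERR 83886179 Operation cancelled <Pinentry>\n")
                  : snprintf(out, n, "D %s\nOK\n", esc);
    for (volatile char *w = buf; w < buf + sizeof buf; w++) *w = 0;  /* wipe the local copies */
    return r;
}
/* Constructed stand-ins for the Android dialog, used only to exercise the handler. */
int demo_ok(const struct dialog *d, char *pin, size_t n) { (void)d; return snprintf(pin, n, "p%%ss\nword") < 0; }
int demo_cancel(const struct dialog *d, char *pin, size_t n) { (void)d; (void)pin; (void)n; return 1; }
```

The reply buffer still holds the passphrase after GETPIN, so the caller should wipe it once the line has been written to the socket.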


