pinentry for Android questions
abel at guardianproject.info
Sun Nov 11 21:15:12 CET 2012
> On Mon, 24 Sep 2012 23:35, hans at guardianproject.info said:
>> then waits for the new process to contact 'system_server' via IPC, then
>> requests the right Activity from the process. We can send the Intent,
>> but we can't control the starting of the process.
> Okay, so a simple two way communication is not possible.
>> are proposing. I just think that the ideal solution would be having
>> gpg-agent launch the GUI Activity using "am start", then that GUI
>> Activity could talk directly to the gpg-agent UNIX socket, and that
> We use a simple stdin/stdout server for the pinentry because it reduces
> the complexity in gpg-agent. The pinentry can't use the
> ~/.gnupg/S.gpg-agent socket because that one is for the client's (gpg)
> communication with the agent. If we would use that socket also for
> pinentry communication, we would need to synchronize the actions of two
> clients (the regular client and the pinentry). That defeats the idea of
> having a simple and easy to audit communication with gpg-agent.
> Using an extra socket for pinentry would be possible but this also adds
> more complexity. Thus I am very in favor of having a wrapper pinentry
> to mediate between gpg-agent and an Android based pinentry. I hope
> there is no limit on the number of processes on Android like we have on
> Adding such a daemonized version to the pinentry package and thus
> re-using some of the pinentry logic is no problem. We don't require any
> legal BS for pinentry.
Abel from Guardian Project here.
I'm taking the lead on this task (pinentry on Android) for now, and I've
a few questions I hope you can help me with.
A quick recap:
1. Android has no X server
2. It is *impossible* to launch a GUI app from the CLI and communicate
3. It is *possible* to launch a GUI app in a non-blocking fashion from
4. We can communicate w/ the gui through a unix domain socket
The goal then is to create a pinentry that launches a non-blocking gui
(simple CLI command), then communicates over a unix domain socket with
the Android app that interacts with the user.
So, with that in mind I've been investigating the pinentry related
gpg-agent options, and I have a few questions.
How relevant are the following options to the above plan?
Could you elaborate more on the loopback mode, I don't quite understand
its function from the documents.
It seems this would be more feasible to implement as a modifier version
of pinentry/pinentry[-curses].[c,h] Does that sound reasonable, or do
you suggest a different codebase to use as a starting point?
More information about the Gnupg-devel