pinentry for Android questions
wk at gnupg.org
Mon Nov 12 12:58:00 CET 2012
On Sun, 11 Nov 2012 21:15, abel at guardianproject.info said:
> The goal then is to create a pinentry that launches a non-blocking gui
> (simple CLI command), then communicates over a unix domain socket with
> the Android app that interacts with the user.
very good. I believe that is the best option for now. If we later
notice that we need to change something to save on certain resources, we
can re-consider this. It is an internal API and thus easy to replace.
> How relevant are the following options to the above plan?
That is X server specific. You can ignore it.
Does not make sense. It mostly a debugging option for X. The grab
keyboard and mouse thing should be replaced by Android's way of
protecting PIN/passphrase widgets.
This is quite new and designed to be used by server applications. In
fact. gpg2.1 has no support for it now. The idea is that an application
using gpg-agent for passphrase entry, private key, or card operations
can avoid the use of a pinentry and instead directly send the passphrase
(via a callback mechanism). For example a web mail server could use
this feature instead of resorting to the pinentry-wrapper hack.
> It seems this would be more feasible to implement as a modifier version
> of pinentry/pinentry[-curses].[c,h] Does that sound reasonable, or do
> you suggest a different codebase to use as a starting point?
Please use that code base and create a branch during the development
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-devel