pinentry for Android questions
Hans-Christoph Steiner
hans at guardianproject.info
Wed Sep 19 04:23:30 CEST 2012
On 03/10/2012 08:56 AM, Marcus Brinkmann wrote:
> On 03/10/2012 04:35 AM, Hans-Christoph Steiner wrote:
>>
>>
>> On 03/09/2012 01:12 PM, Marcus Brinkmann wrote:
>>> On 03/09/2012 06:37 PM, Hans-Christoph Steiner wrote:
>>>>
>>>> I've been looking through the examples, those are hard to generalize
>>>> from for this use case since they are all pure C and can all be linked
>>>> together into a single program. What I would love to see is an
>>>> example transcript of the assuan dialog between a pinentry program and
>>>> gpg-agent, since I think I'll have to implement the whole pinentry lib
>>>> in Java. Or perhaps I could wrap the pinentry C code in JNI for Java.
>>>>
>>>
>>> It's a lot easier to make pinentry.c/pinentry.h in a library and wrap
>>> that than to wrap libassuan or reimplement libassuan in Java.
>>>
>>> gpg-agent can be configured to log its assuan communication with
>>> pinentry.
>>
>> I forgot to mention, we're going to be using gpgme in this. It looks
>> like gpgme somehow handles the pinentry stuff with callbacks, or am I
>> reading it wrong? If we are using gpgme, do we still need a custom
>> pinentry?
>
> The callbacks are "old school" and not functional for gpg2 with
> gpg-agent. :)
>
> So a custom pinentry is indeed needed, and you don't need to set a gpgme
> passphrase callback (it would never be called).
>
> Thanks for the list of issues, btw, it's a big help as the mailing list
> threads were getting a tiny bit unwieldy.
>
> Thanks,
> Marcus
I'm back on this and still not quite seeing how to do it. From what
I've seen, it seems that gpg-agent executes pinentry, then communicates
with it via stdin/stdout. This is not possible in Android because you
cannot directly launch a GUI program in Android from the terminal.

The only way I've found to start an Android GUI screen from the terminal
is to launch an Activity (which is a Java Class representing a GUI
screen) using the 'am start' command. It's not blocking, and there is no
stdin/stdout to attach to.

What I think needs to happen is that gpg-agent calls "am start
PassphraseActivity", then PassphraseActivity starts and connects to the
gpg-agent UNIX socket and does its communication there. It would also
be possible to have pinentry create its own UNIX socket and point
gpg-agent to it.

I have no idea how to do that, all of the existing pinentry programs
seem to work the exact same way. Any pointers?

.hc
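
The Assuan dialog between gpg-agent and pinentry that the thread asks about, as an added example that is not part of the original message and not GnuPG's code. It models the pinentry side as a function over text lines, so the same logic can sit behind stdin/stdout or a UNIX socket; the `ask` hook, the sample transcript and the key ID are assumptions constructed for illustration.

```python
import re

# libgpg-error values: source PINENTRY (5) in the top byte, error code below.
ERR_CANCELED = (5 << 24) | 99       # 83886179
ERR_UNKNOWN_CMD = (5 << 24) | 275   # GPG_ERR_ASS_UNKNOWN_CMD

def unescape(arg):
    """Decode Assuan %XX escapes (e.g. %0A for newline) in an argument."""
    return re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), arg)

def escape(data):
    """Escape %, CR and LF so the passphrase fits on a single 'D' line."""
    return data.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")

def serve(lines, ask):
    """Pinentry side: command lines in, reply lines out. ask(desc, prompt) is a
    hypothetical UI hook returning the passphrase, or None on cancel."""
    out = ["OK Pleased to meet you"]           # greeting sent on connect
    text = {"SETDESC": "", "SETPROMPT": "PIN:"}
    for line in lines:
        cmd, _, arg = line.rstrip("\r\n").partition(" ")
        cmd = cmd.upper()
        if cmd in text:
            text[cmd] = unescape(arg)
            out.append("OK")
        elif cmd in ("OPTION", "SETTITLE", "SETERROR", "SETOK", "SETCANCEL"):
            out.append("OK")                   # accepted but unused here
        elif cmd == "GETPIN":
            pin = ask(text["SETDESC"], text["SETPROMPT"])
            if pin is None:
                out.append(f"ERR {ERR_CANCELED} Operation cancelled")
            else:
                out += ["D " + escape(pin), "OK"]
        elif cmd == "BYE":
            out.append("OK closing connection")
            break
        else:
            out.append(f"ERR {ERR_UNKNOWN_CMD} Unknown command")
    return out

# Constructed sample of what gpg-agent sends; the key ID is made up.
SAMPLE = ["OPTION ttyname=/dev/pts/1",
          "SETDESC Please enter the passphrase%0Afor key 0x0123ABCD",
          "SETPROMPT Passphrase:", "GETPIN", "BYE"]

if __name__ == "__main__":
    for reply in serve(SAMPLE, lambda desc, prompt: "correct horse"):
        print("S:", reply)
```

The `D` line carries the passphrase in the clear, so whatever transport carries these lines should be readable only by the user running gpg-agent.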