pinentry for Android questions

Hans-Christoph Steiner hans at guardianproject.info
Mon Sep 24 23:35:00 CEST 2012 


On 09/24/2012 06:25 AM, Werner Koch wrote:
> On Wed, 19 Sep 2012 04:23, hans at guardianproject.info said:
> 
>> I'm back on this and still not quite seeing how to do it.  From what
>> I've seen, it seems that gpg-agent executes pinentry, then communicates
>> with it via stdin/stdout.  This is not possible in Android because you
> 
> Right.  Pretty standard thing.
> 
>> cannot directly launch a GUI program in Android from the terminal.
> 
> What is the reason?  It is kind of funny that the whole GnuPG system
> works nicely on Windows Mobile 6.x (the old one) but you can't make it
> work on a free software Linux Platform.

>> I have no idea how to do that, all of the existing pinentry programs
>> seem to work the exact same way. Any pointers?
> 
> I would first investigate how to start a GUI application i the first
> place (without the Java crap).  If you really can't find a solution the
> common workaround for such problems are daemon: Start a daemonized
> pinentry version and use a stub pinentry program which is called by
> gpg-agent and then communicates with the pinentry-daemon via
> whatever-mechanism you like.

Android is really quite a different operating system from GNU/Linux,
*BSD, and even Windows.  I know nothing about Windows Mobile, so I can't
speak to that.  Yes, there is a Linux kernel and a super minimal
pseudo-UNIX environment, its really not UNIX and is missing lots of
basic things, like command line programs launching GUIs.

The only way you launch a GUI program in Android is to send a message,
known as an Intent requesting a certain generic action or specific
Activity.  That message goes to 'system_server', which requests 'zygote'
to fork off the process containing the right Activity.  'system_server'
then waits for the new process to contact 'system_server' via IPC, then
requests the right Activity from the process.  We can send the Intent,
but we can't control the starting of the process.

So we could go with the idea Abel outlined, which sounds like what you
are proposing.  I just think that the ideal solution would be having
gpg-agent launch the GUI Activity using "am start", then that GUI
Activity could talk directly to the gpg-agent UNIX socket, and that
would make the whole setup simpler.  If that is not feasible, I'm OK
with going with the 'pinentry' that talks with the GUI Activity via its
own UNIX socket.

.hc

More information about the Gnupg-devel mailing list