pinentry for Android questions

Werner Koch wk at
Tue Sep 25 10:25:19 CEST 2012

On Mon, 24 Sep 2012 23:35, hans at said:

> then waits for the new process to contact 'system_server' via IPC, then
> requests the right Activity from the process.  We can send the Intent,
> but we can't control the starting of the process.

Okay, so a simple two way communication is not possible.

> are proposing.  I just think that the ideal solution would be having
> gpg-agent launch the GUI Activity using "am start", then that GUI
> Activity could talk directly to the gpg-agent UNIX socket, and that

We use a simple stdin/stdout server for the pinentry because it reduces
the complexity in gpg-agent.  The pinentry can't use the
~/.gnupg/S.gpg-agent socket because that one is for the client's (gpg)
communication with the agent.  If we would use that socket also for
pinentry communication, we would need to synchronize the actions of two
clients (the regular client and the pinentry).  That defeats the idea of
having a simple and easy to audit communication with gpg-agent.

Using an extra socket for pinentry would be possible but this also adds
more complexity.  Thus I am very in favor of having a wrapper pinentry
to mediate between gpg-agent and an Android based pinentry.  I hope
there is no limit on the number of processes on Android like we have on

Adding such a daemonized version to the pinentry package and thus
re-using some of the pinentry logic is no problem.  We don't require any
legal BS for pinentry.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list