open-keychain/README.md

# OpenPGP Keychain (for Android)

OpenPGP Keychain is a EXPERIMENTAL fork of Android Privacy Guard (APG)

# Contribute

Fork OpenPGP Keychain and do a merge request. I will merge your changes back into the main project.

# Build

## Build with Gradle

1. Have Android SDK "tools", "platform-tools", and "build-tools" directories in your PATH (http://developer.android.com/sdk/index.html)
2. Export ANDROID_HOME pointing to your Android SDK
3. Install gradle
4. Execute ``gradle wrapper`` (http://www.gradle.org/docs/current/userguide/gradle_wrapper.html)
5. Execute ``./gradlew assemble``

## Build with Ant

1. Have Android SDK "tools" directory in your PATH (http://developer.android.com/sdk/index.html)
2. Execute ``android update project -p OpenPGP-Keychain`` and  ``android update project -p libraries/ActionBarSherlock``
3. Execute ``cd OpenPGP-Kechain``, ``ant debug``

## Build with Eclipse

1. File -> Import -> Android -> Existing Android Code Into Workspace, choose "libraries/ActionBarSherlock"
2. File -> Import -> Android -> Existing Android Code Into Workspace, choose "OpenPGP-Keychain"
3. OpenPGP-Kechain can now be build

# Libraries

All JAR-Libraries are provided in this repository under "libs", all Android Library projects are under "libraries".

* ActionBarSherlock to provide an ActionBar for Android < 3.0
* forked Spongy Castle Crypto Lib (Android version of Bouncy Castle)
* android-support-v4.jar: Compatibility Lib
* barcodescanner-android-integration-supportv4.jar: Barcode Scanner Integration

## Build Barcode Scanner Integration

1. Checkout their SVN (see http://code.google.com/p/zxing/source/checkout)
2. Change android-home variable in "build.properties" in the main directory to point to your Android SDK
3. Change directory to android-integration
4. Build using ``ant build``
5. We use "android-integration-supportv4.jar"

On error see: http://code.google.com/p/zxing/issues/detail?id=1207

## Build Spongy Castle

Spongy Castle is the stock Bouncy Castle libraries with a couple of small changes to make it work on Android. OpenPGP-Keychain uses a forked version with some small changes to improve key import speed. These changes have been sent to Bouncy Castle, and Spongy Castle will be used again when they have filtered down.

see
* http://rtyley.github.com/spongycastle/
* https://github.com/ashh87/spongycastle


# Notes

## Eclipse: "GC overhead limit exceeded"

If you have problems starting OpenPGP Kechain from Eclipse, consider increasing the memory limits in eclipse.ini.
See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exceeded for more information.

## Generate pressed dashboard icons

1. Open svg file in Inkscape
2. Extensions -> Color -> darker (2 times!)

# Security Model

## Basic goals

* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)

Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL

## Possible Permissions

* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
* ACCESS_KEYS: get and import actual public and secret keys (remote service)

## Without Permissions

### Intents
All Intents start with org.sufficientlysecure.keychain.action.

* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* IMPORT
* IMPORT_FROM_FILE
* IMPORT_FROM_QR_CODE
* IMPORT_FROM_NFC
* SHARE_KEYRING
* SHARE_KEYRING_WITH_QR_CODE
* SHARE_KEYRING_WITH_NFC
* EDIT_KEYRING
* SELECT_PUBLIC_KEYRINGS
* SELECT_SECRET_KEYRING
* ENCRYPT
* ENCRYPT_FILE
* DECRYPT
* DECRYPT_FILE

## With permission ACCESS_API

### Intents

* CREATE_KEYRING
* ENCRYPT_AND_RETURN
* ENCRYPT_STREAM_AND_RETURN
* GENERATE_SIGNATURE_AND_RETURN
* DECRYPT_AND_RETURN
* DECRYPT_STREAM_AND_RETURN

### Broadcast Receiver
On change of database the following broadcast is send.
* DATABASE_CHANGE

### Content Provider

* The whole content provider requires a permission (only read)
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
* Make an internal and external content provider (or pathes with <path-permission>)
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
* Only give out android:readPermission

### ApgApiService (Remote Service)
AIDL service

## With permission ACCESS_KEYS

### ApgKeyService (Remote Service)
AIDL service to access actual private keyring objects

# Licenses
OpenPGP Kechain is licensed under Apache License v2.

## Libraries
* ActionBarSherlock  
  http://actionbarsherlock.com/  
  Apache License v2

* SpongyCastle  
  https://github.com/rtyley/spongycastle  
  MIT X11 License

* ZXing QRCode Integration  
  http://code.google.com/p/zxing/  
  Apache License v2

* HTMLCleaner  
  http://htmlcleaner.sourceforge.net/  
  BSD License

* HtmlSpanner  
  Apache License v2


## Images
* icon.svg  
  modified version of kgpg_key2_kopete.svgz

* dashboard_manage_keys.svg, dashboard_my_keys.svg, key.svg  
  http://rrze-icon-set.berlios.de/  
  Creative Commons Attribution Share-Alike licence 3.0

* dashboard_decrypt.svg, dashboard_encrypt.svg, dashboard_help.svg  
  http://tango.freedesktop.org/  
  Public Domain

* dashboard_scan_qrcode.svg  
  New creation for OpenPGP Kechain  
  Apache License v2
Rename fixes 2013-01-16 08:45:15 -05:00			`# OpenPGP Keychain (for Android)`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
Rename fixes 2013-01-16 08:45:15 -05:00			`OpenPGP Keychain is a EXPERIMENTAL fork of Android Privacy Guard (APG)`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
readme 2012-03-12 11:57:05 -04:00			`# Contribute`

Rename fixes 2013-01-16 08:45:15 -05:00			`Fork OpenPGP Keychain and do a merge request. I will merge your changes back into the main project.`
readme 2012-03-12 11:57:05 -04:00
updated readme 2012-09-05 16:41:21 -04:00			`# Build`
readme 2012-03-12 11:57:05 -04:00
Update README for gradle 2013-05-25 16:52:44 -04:00			`## Build with Gradle`

			`1. Have Android SDK "tools", "platform-tools", and "build-tools" directories in your PATH (http://developer.android.com/sdk/index.html)`
			`2. Export ANDROID_HOME pointing to your Android SDK`
gradle wrapper 2013-05-25 17:14:36 -04:00			`3. Install gradle`
			4. Execute ``gradle wrapper`` (http://www.gradle.org/docs/current/userguide/gradle_wrapper.html)
			5. Execute ``./gradlew assemble``
Update README for gradle 2013-05-25 16:52:44 -04:00
updated readme 2012-09-05 16:41:21 -04:00			`## Build with Ant`
readme 2012-03-12 11:57:05 -04:00
update readme 2013-01-03 07:09:45 -05:00			`1. Have Android SDK "tools" directory in your PATH (http://developer.android.com/sdk/index.html)`
Update README for gradle 2013-05-25 16:52:44 -04:00			2. Execute ``android update project -p OpenPGP-Keychain`` and ``android update project -p libraries/ActionBarSherlock``
			3. Execute ``cd OpenPGP-Kechain``, ``ant debug``
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00
updated readme 2012-09-05 16:41:21 -04:00			`## Build with Eclipse`
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00
Update README for gradle 2013-05-25 16:52:44 -04:00			`1. File -> Import -> Android -> Existing Android Code Into Workspace, choose "libraries/ActionBarSherlock"`
2/2 use forked spongycastle to speed up secret key imports 2013-05-13 10:10:52 -04:00			`2. File -> Import -> Android -> Existing Android Code Into Workspace, choose "OpenPGP-Keychain"`
Rename fixes 2013-01-16 08:45:15 -05:00			`3. OpenPGP-Kechain can now be build`
readme 2012-03-12 11:57:05 -04:00
			`# Libraries`

Update README for gradle 2013-05-25 16:52:44 -04:00			`All JAR-Libraries are provided in this repository under "libs", all Android Library projects are under "libraries".`
readme 2012-03-12 11:57:05 -04:00
			`* ActionBarSherlock to provide an ActionBar for Android < 3.0`
2/2 use forked spongycastle to speed up secret key imports 2013-05-13 10:10:52 -04:00			`* forked Spongy Castle Crypto Lib (Android version of Bouncy Castle)`
readme 2012-03-12 11:57:05 -04:00			`* android-support-v4.jar: Compatibility Lib`
new icon and readme 2012-04-12 20:34:46 -04:00			`* barcodescanner-android-integration-supportv4.jar: Barcode Scanner Integration`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`## Build Barcode Scanner Integration`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
			`1. Checkout their SVN (see http://code.google.com/p/zxing/source/checkout)`
update readme 2013-01-03 07:09:45 -05:00			`2. Change android-home variable in "build.properties" in the main directory to point to your Android SDK`
fixing qrcode integration 2012-03-09 06:13:28 -05:00			`3. Change directory to android-integration`
update readme 2012-11-19 16:42:55 -05:00			4. Build using ``ant build``
update readme 2013-01-03 07:09:45 -05:00			`5. We use "android-integration-supportv4.jar"`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
			`On error see: http://code.google.com/p/zxing/issues/detail?id=1207`

working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`## Build Spongy Castle`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
use Bouncycastle updated API 2013-05-18 18:11:14 -04:00			`Spongy Castle is the stock Bouncy Castle libraries with a couple of small changes to make it work on Android. OpenPGP-Keychain uses a forked version with some small changes to improve key import speed. These changes have been sent to Bouncy Castle, and Spongy Castle will be used again when they have filtered down.`
2/2 use forked spongycastle to speed up secret key imports 2013-05-13 10:10:52 -04:00
			`see`
			`* http://rtyley.github.com/spongycastle/`
			`* https://github.com/ashh87/spongycastle`
reworking Content Provider 2012-10-25 08:52:13 -04:00
Started implementation of Dashboard design pattern 2012-03-11 11:33:47 -04:00
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`# Notes`

dialog for setting passphrase is now in a fragment 2012-09-05 16:35:55 -04:00			`## Eclipse: "GC overhead limit exceeded"`

Rename fixes 2013-01-16 08:45:15 -05:00			`If you have problems starting OpenPGP Kechain from Eclipse, consider increasing the memory limits in eclipse.ini.`
dialog for setting passphrase is now in a fragment 2012-09-05 16:35:55 -04:00			`See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exceeded for more information.`

working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`## Generate pressed dashboard icons`
readme 2012-03-12 11:57:05 -04:00
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`1. Open svg file in Inkscape`
Wrote security concept 2012-11-15 17:25:21 -05:00			`2. Extensions -> Color -> darker (2 times!)`

implemented security model 2012-11-15 20:34:21 -05:00			`# Security Model`
Wrote security concept 2012-11-15 17:25:21 -05:00
			`## Basic goals`

			`* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)`

			`Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL`

New broadcast on database change to inform other apps 2013-01-18 17:51:44 -05:00			`## Possible Permissions`
AIDL API changes 2012-12-14 12:22:03 -05:00
			`* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)`
			`* ACCESS_KEYS: get and import actual public and secret keys (remote service)`

New broadcast on database change to inform other apps 2013-01-18 17:51:44 -05:00			`## Without Permissions`
Wrote security concept 2012-11-15 17:25:21 -05:00
New broadcast on database change to inform other apps 2013-01-18 17:51:44 -05:00			`### Intents`
			`All Intents start with org.sufficientlysecure.keychain.action.`
Wrote security concept 2012-11-15 17:25:21 -05:00
			`* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt`
			`* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt`
			`* IMPORT`
Externalize all import actions into ImportKeysActivity 2013-01-07 09:56:56 -05:00			`* IMPORT_FROM_FILE`
			`* IMPORT_FROM_QR_CODE`
			`* IMPORT_FROM_NFC`
Generic share of keyring via Android Intent SEND, renaming of own share intents 2013-01-08 16:12:23 -05:00			`* SHARE_KEYRING`
			`* SHARE_KEYRING_WITH_QR_CODE`
			`* SHARE_KEYRING_WITH_NFC`
rename intent actions to use KEYRING instead of KEY 2013-01-16 19:53:49 -05:00			`* EDIT_KEYRING`
			`* SELECT_PUBLIC_KEYRINGS`
			`* SELECT_SECRET_KEYRING`
Wrote security concept 2012-11-15 17:25:21 -05:00			`* ENCRYPT`
			`* ENCRYPT_FILE`
			`* DECRYPT`
			`* DECRYPT_FILE`

New broadcast on database change to inform other apps 2013-01-18 17:51:44 -05:00			`## With permission ACCESS_API`

			`### Intents`
Wrote security concept 2012-11-15 17:25:21 -05:00
rename intent actions to use KEYRING instead of KEY 2013-01-16 19:53:49 -05:00			`* CREATE_KEYRING`
Wrote security concept 2012-11-15 17:25:21 -05:00			`* ENCRYPT_AND_RETURN`
Intent action fixes 2013-01-16 19:48:57 -05:00			`* ENCRYPT_STREAM_AND_RETURN`
			`* GENERATE_SIGNATURE_AND_RETURN`
Wrote security concept 2012-11-15 17:25:21 -05:00			`* DECRYPT_AND_RETURN`
Intent action fixes 2013-01-16 19:48:57 -05:00			`* DECRYPT_STREAM_AND_RETURN`
Wrote security concept 2012-11-15 17:25:21 -05:00
New broadcast on database change to inform other apps 2013-01-18 17:51:44 -05:00			`### Broadcast Receiver`
			`On change of database the following broadcast is send.`
			`* DATABASE_CHANGE`

			`### Content Provider`
Wrote security concept 2012-11-15 17:25:21 -05:00
			`* The whole content provider requires a permission (only read)`
AIDL API changes 2012-12-14 12:22:03 -05:00			`* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)`
Wrote security concept 2012-11-15 17:25:21 -05:00			`* Make an internal and external content provider (or pathes with <path-permission>)`
			`* Look at android:grantUriPermissions especially for ApgServiceBlobProvider`
			`* Only give out android:readPermission`

New broadcast on database change to inform other apps 2013-01-18 17:51:44 -05:00			`### ApgApiService (Remote Service)`
			`AIDL service`

			`## With permission ACCESS_KEYS`
Wrote security concept 2012-11-15 17:25:21 -05:00
New broadcast on database change to inform other apps 2013-01-18 17:51:44 -05:00			`### ApgKeyService (Remote Service)`
			`AIDL service to access actual private keyring objects`
licenses into readme 2012-12-19 08:05:08 -05:00
			`# Licenses`
Rename fixes 2013-01-16 08:45:15 -05:00			`OpenPGP Kechain is licensed under Apache License v2.`
licenses into readme 2012-12-19 08:05:08 -05:00
			`## Libraries`
			`* ActionBarSherlock`
			`http://actionbarsherlock.com/`
			`Apache License v2`

			`* SpongyCastle`
			`https://github.com/rtyley/spongycastle`
			`MIT X11 License`

			`* ZXing QRCode Integration`
			`http://code.google.com/p/zxing/`
			`Apache License v2`

			`* HTMLCleaner`
			`http://htmlcleaner.sourceforge.net/`
			`BSD License`

			`* HtmlSpanner`
			`Apache License v2`


			`## Images`
			`* icon.svg`
			`modified version of kgpg_key2_kopete.svgz`

			`* dashboard_manage_keys.svg, dashboard_my_keys.svg, key.svg`
			`http://rrze-icon-set.berlios.de/`
			`Creative Commons Attribution Share-Alike licence 3.0`

			`* dashboard_decrypt.svg, dashboard_encrypt.svg, dashboard_help.svg`
			`http://tango.freedesktop.org/`
			`Public Domain`

			`* dashboard_scan_qrcode.svg`
Rename fixes 2013-01-16 08:45:15 -05:00			`New creation for OpenPGP Kechain`
2/2 use forked spongycastle to speed up secret key imports 2013-05-13 10:10:52 -04:00			`Apache License v2`