open-keychain/README.md

# APG

This is a fork of Android Privacy Guard (APG)

I will try to reintegrate the various forks and develope a new user interface and API via AIDL and build a new stable version.

# Contribute

Fork APG and do a merge request. I will merge your changes back into the main project.

# Build

## Build with Ant

1. Add a file called local.properties in org_apg folder with the following lines, altered to your locations of the SDK: ``sdk.dir=/opt/android-sdk``
2. execute "ant release"

## Build with Eclipse

1. File -> Import -> Android -> Existing Android Code Into Workspace, choose com_actionbarsherlock 
2. File -> Import -> Android -> Existing Android Code Into Workspace, choose org_apg
3. Add com_actionbarsherlock as Android Lib (Properties of org_apg -> Android -> Library -> add)
5. APG can now be build

# Libraries

The Libraries are provided in the git repository.

* ActionBarSherlock to provide an ActionBar for Android < 3.0
* Spongy Castle Crypto Lib (Android version of Bouncy Castle)
* android-support-v4.jar: Compatibility Lib
* barcodescanner-android-integration-supportv4.jar: Barcode Scanner Integration

## Build Barcode Scanner Integration

1. Checkout their SVN (see http://code.google.com/p/zxing/source/checkout)
2. Change android-home variable in "build.properties" in the main directory to point to your Android SDK
3. Change directory to android-integration
4. Build using "ant build"
5. We use "android-integration-supportv4.jar"

On error see: http://code.google.com/p/zxing/issues/detail?id=1207

## Build Spongy Castle

Spongy Castle is the stock Bouncy Castle libraries with a couple of small changes to make it work on Android.

see http://rtyley.github.com/spongycastle/

# Notes

## Eclipse: "GC overhead limit exceeded"

If you have problems starting APG from Eclipse, consider increasing the memory limits in eclipse.ini.
See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exceeded for more information.

## Generate pressed dashboard icons

1. Open svg file in Inkscape
2. Extensions -> Color -> darker (2 times!)

# Security Model

## Basic goals

* Never (even with permissions) give out actual PGPSecretKey/PGPSecretKeyRing blobs
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)

Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL

## Intents

### Without permission

* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* IMPORT
* EDIT_KEY
* SELECT_PUBLIC_KEYS
* SELECT_SECRET_KEY
* ENCRYPT
* ENCRYPT_FILE
* DECRYPT
* DECRYPT_FILE

### With permission ACCESS_API

* CREATE_KEY
* ENCRYPT_AND_RETURN
* GENERATE_SIGNATURE
* DECRYPT_AND_RETURN

## Content Provider

* The whole content provider requires a permission (only read)
* Don't give out blobs
* Make an internal and external content provider (or pathes with <path-permission>)
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
* Only give out android:readPermission

## Remote Service

* The whole service requires the permission ACCESS_API

## Resulting permission

* READ_KEY_DATABASE: Read key information (not the actual keys)(content provider)
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service)
Update master 2012-06-13 11:59:26 -04:00			`# APG`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
Update master 2012-06-13 11:59:26 -04:00			`This is a fork of Android Privacy Guard (APG)`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
Update master 2012-06-13 11:59:26 -04:00			`I will try to reintegrate the various forks and develope a new user interface and API via AIDL and build a new stable version.`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
readme 2012-03-12 11:57:05 -04:00			`# Contribute`

Update master 2012-06-13 11:59:26 -04:00			`Fork APG and do a merge request. I will merge your changes back into the main project.`
readme 2012-03-12 11:57:05 -04:00
updated readme 2012-09-05 16:41:21 -04:00			`# Build`
readme 2012-03-12 11:57:05 -04:00
updated readme 2012-09-05 16:41:21 -04:00			`## Build with Ant`
readme 2012-03-12 11:57:05 -04:00
updated readme 2012-09-05 16:42:11 -04:00			1. Add a file called local.properties in org_apg folder with the following lines, altered to your locations of the SDK: ``sdk.dir=/opt/android-sdk``
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`2. execute "ant release"`

updated readme 2012-09-05 16:41:21 -04:00			`## Build with Eclipse`
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00
updated readme 2012-09-05 16:41:21 -04:00			`1. File -> Import -> Android -> Existing Android Code Into Workspace, choose com_actionbarsherlock`
			`2. File -> Import -> Android -> Existing Android Code Into Workspace, choose org_apg`
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`3. Add com_actionbarsherlock as Android Lib (Properties of org_apg -> Android -> Library -> add)`
updated readme 2012-09-05 16:41:21 -04:00			`5. APG can now be build`
readme 2012-03-12 11:57:05 -04:00
			`# Libraries`

			`The Libraries are provided in the git repository.`

			`* ActionBarSherlock to provide an ActionBar for Android < 3.0`
new spongy castle version, restructering, deprecation fixes 2012-06-20 11:44:11 -04:00			`* Spongy Castle Crypto Lib (Android version of Bouncy Castle)`
readme 2012-03-12 11:57:05 -04:00			`* android-support-v4.jar: Compatibility Lib`
new icon and readme 2012-04-12 20:34:46 -04:00			`* barcodescanner-android-integration-supportv4.jar: Barcode Scanner Integration`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`## Build Barcode Scanner Integration`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
			`1. Checkout their SVN (see http://code.google.com/p/zxing/source/checkout)`
			`2. Change android-home variable in "build.properties" in the main directory to point to your Android SDK`
			`3. Change directory to android-integration`
			`4. Build using "ant build"`
			`5. We use "android-integration-supportv4.jar"`

			`On error see: http://code.google.com/p/zxing/issues/detail?id=1207`

working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`## Build Spongy Castle`
fixing qrcode integration 2012-03-09 06:13:28 -05:00
reworking Content Provider 2012-10-25 08:52:13 -04:00			`Spongy Castle is the stock Bouncy Castle libraries with a couple of small changes to make it work on Android.`

			`see http://rtyley.github.com/spongycastle/`
Started implementation of Dashboard design pattern 2012-03-11 11:33:47 -04:00
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`# Notes`

dialog for setting passphrase is now in a fragment 2012-09-05 16:35:55 -04:00			`## Eclipse: "GC overhead limit exceeded"`

			`If you have problems starting APG from Eclipse, consider increasing the memory limits in eclipse.ini.`
			`See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exceeded for more information.`

working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`## Generate pressed dashboard icons`
readme 2012-03-12 11:57:05 -04:00
working on externalizing encrypt methods into the service 2012-06-08 20:46:30 -04:00			`1. Open svg file in Inkscape`
Wrote security concept 2012-11-15 17:25:21 -05:00			`2. Extensions -> Color -> darker (2 times!)`

implemented security model 2012-11-15 20:34:21 -05:00			`# Security Model`
Wrote security concept 2012-11-15 17:25:21 -05:00
			`## Basic goals`

			`* Never (even with permissions) give out actual PGPSecretKey/PGPSecretKeyRing blobs`
			`* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)`

			`Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL`

			`## Intents`

			`### Without permission`

			`* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt`
			`* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt`
			`* IMPORT`
			`* EDIT_KEY`
			`* SELECT_PUBLIC_KEYS`
			`* SELECT_SECRET_KEY`
			`* ENCRYPT`
			`* ENCRYPT_FILE`
			`* DECRYPT`
			`* DECRYPT_FILE`

implemented security model 2012-11-15 20:34:21 -05:00			`### With permission ACCESS_API`
Wrote security concept 2012-11-15 17:25:21 -05:00
			`* CREATE_KEY`
			`* ENCRYPT_AND_RETURN`
			`* GENERATE_SIGNATURE`
			`* DECRYPT_AND_RETURN`

			`## Content Provider`

			`* The whole content provider requires a permission (only read)`
			`* Don't give out blobs`
			`* Make an internal and external content provider (or pathes with <path-permission>)`
			`* Look at android:grantUriPermissions especially for ApgServiceBlobProvider`
			`* Only give out android:readPermission`

			`## Remote Service`

implemented security model 2012-11-15 20:34:21 -05:00			`* The whole service requires the permission ACCESS_API`
Wrote security concept 2012-11-15 17:25:21 -05:00
			`## Resulting permission`

implemented security model 2012-11-15 20:34:21 -05:00			`* READ_KEY_DATABASE: Read key information (not the actual keys)(content provider)`
			`* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service)`