2013-01-16 08:45:15 -05:00
# OpenPGP Keychain (for Android)
2012-03-09 06:13:28 -05:00
2013-01-16 08:45:15 -05:00
OpenPGP Keychain is a EXPERIMENTAL fork of Android Privacy Guard (APG)
2012-03-09 06:13:28 -05:00
2012-03-12 11:57:05 -04:00
# Contribute
2013-01-16 08:45:15 -05:00
Fork OpenPGP Keychain and do a merge request. I will merge your changes back into the main project.
2012-03-12 11:57:05 -04:00
2012-09-05 16:41:21 -04:00
# Build
2012-03-12 11:57:05 -04:00
2013-05-25 16:52:44 -04:00
## Build with Gradle
1. Have Android SDK "tools", "platform-tools", and "build-tools" directories in your PATH (http://developer.android.com/sdk/index.html)
2. Export ANDROID_HOME pointing to your Android SDK
2013-05-25 17:14:36 -04:00
3. Install gradle
4. Execute ``gradle wrapper`` (http://www.gradle.org/docs/current/userguide/gradle_wrapper.html)
5. Execute ``./gradlew assemble``
2013-05-25 16:52:44 -04:00
2012-09-05 16:41:21 -04:00
## Build with Ant
2012-03-12 11:57:05 -04:00
2013-01-03 07:09:45 -05:00
1. Have Android SDK "tools" directory in your PATH (http://developer.android.com/sdk/index.html)
2013-05-25 16:52:44 -04:00
2. Execute ``android update project -p OpenPGP-Keychain`` and ``android update project -p libraries/ActionBarSherlock``
3. Execute ``cd OpenPGP-Kechain``, ``ant debug``
2012-06-08 20:46:30 -04:00
2012-09-05 16:41:21 -04:00
## Build with Eclipse
2012-06-08 20:46:30 -04:00
2013-05-25 16:52:44 -04:00
1. File -> Import -> Android -> Existing Android Code Into Workspace, choose "libraries/ActionBarSherlock"
2013-05-13 10:10:52 -04:00
2. File -> Import -> Android -> Existing Android Code Into Workspace, choose "OpenPGP-Keychain"
2013-01-16 08:45:15 -05:00
3. OpenPGP-Kechain can now be build
2012-03-12 11:57:05 -04:00
# Libraries
2013-05-25 16:52:44 -04:00
All JAR-Libraries are provided in this repository under "libs", all Android Library projects are under "libraries".
2012-03-12 11:57:05 -04:00
* ActionBarSherlock to provide an ActionBar for Android < 3.0
2013-05-13 10:10:52 -04:00
* forked Spongy Castle Crypto Lib (Android version of Bouncy Castle)
2012-03-12 11:57:05 -04:00
* android-support-v4.jar: Compatibility Lib
2012-04-12 20:34:46 -04:00
* barcodescanner-android-integration-supportv4.jar: Barcode Scanner Integration
2012-03-09 06:13:28 -05:00
2012-06-08 20:46:30 -04:00
## Build Barcode Scanner Integration
2012-03-09 06:13:28 -05:00
1. Checkout their SVN (see http://code.google.com/p/zxing/source/checkout)
2013-01-03 07:09:45 -05:00
2. Change android-home variable in "build.properties" in the main directory to point to your Android SDK
2012-03-09 06:13:28 -05:00
3. Change directory to android-integration
2012-11-19 16:42:55 -05:00
4. Build using ``ant build``
2013-01-03 07:09:45 -05:00
5. We use "android-integration-supportv4.jar"
2012-03-09 06:13:28 -05:00
On error see: http://code.google.com/p/zxing/issues/detail?id=1207
2012-06-08 20:46:30 -04:00
## Build Spongy Castle
2012-03-09 06:13:28 -05:00
2013-05-13 10:10:52 -04:00
Spongy Castle is the stock Bouncy Castle libraries with a couple of small changes to make it work on Android. OpenPGP-Keychain uses a forked version with some small changes to improve key import speed. These changes will be sent to Bouncy Castle, and Spongy Castle will be used again when they have filtered down.
see
* http://rtyley.github.com/spongycastle/
* https://github.com/ashh87/spongycastle
2012-10-25 08:52:13 -04:00
2012-03-11 11:33:47 -04:00
2012-06-08 20:46:30 -04:00
# Notes
2012-09-05 16:35:55 -04:00
## Eclipse: "GC overhead limit exceeded"
2013-01-16 08:45:15 -05:00
If you have problems starting OpenPGP Kechain from Eclipse, consider increasing the memory limits in eclipse.ini.
2012-09-05 16:35:55 -04:00
See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exceeded for more information.
2012-06-08 20:46:30 -04:00
## Generate pressed dashboard icons
2012-03-12 11:57:05 -04:00
2012-06-08 20:46:30 -04:00
1. Open svg file in Inkscape
2012-11-15 17:25:21 -05:00
2. Extensions -> Color -> darker (2 times!)
2012-11-15 20:34:21 -05:00
# Security Model
2012-11-15 17:25:21 -05:00
## Basic goals
* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog)
Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL
2013-01-18 17:51:44 -05:00
## Possible Permissions
2012-12-14 12:22:03 -05:00
* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider)
* ACCESS_KEYS: get and import actual public and secret keys (remote service)
2013-01-18 17:51:44 -05:00
## Without Permissions
2012-11-15 17:25:21 -05:00
2013-01-18 17:51:44 -05:00
### Intents
All Intents start with org.sufficientlysecure.keychain.action.
2012-11-15 17:25:21 -05:00
* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt
* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt
* IMPORT
2013-01-07 09:56:56 -05:00
* IMPORT_FROM_FILE
* IMPORT_FROM_QR_CODE
* IMPORT_FROM_NFC
2013-01-08 16:12:23 -05:00
* SHARE_KEYRING
* SHARE_KEYRING_WITH_QR_CODE
* SHARE_KEYRING_WITH_NFC
2013-01-16 19:53:49 -05:00
* EDIT_KEYRING
* SELECT_PUBLIC_KEYRINGS
* SELECT_SECRET_KEYRING
2012-11-15 17:25:21 -05:00
* ENCRYPT
* ENCRYPT_FILE
* DECRYPT
* DECRYPT_FILE
2013-01-18 17:51:44 -05:00
## With permission ACCESS_API
### Intents
2012-11-15 17:25:21 -05:00
2013-01-16 19:53:49 -05:00
* CREATE_KEYRING
2012-11-15 17:25:21 -05:00
* ENCRYPT_AND_RETURN
2013-01-16 19:48:57 -05:00
* ENCRYPT_STREAM_AND_RETURN
* GENERATE_SIGNATURE_AND_RETURN
2012-11-15 17:25:21 -05:00
* DECRYPT_AND_RETURN
2013-01-16 19:48:57 -05:00
* DECRYPT_STREAM_AND_RETURN
2012-11-15 17:25:21 -05:00
2013-01-18 17:51:44 -05:00
### Broadcast Receiver
On change of database the following broadcast is send.
* DATABASE_CHANGE
### Content Provider
2012-11-15 17:25:21 -05:00
* The whole content provider requires a permission (only read)
2012-12-14 12:22:03 -05:00
* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service)
2012-11-15 17:25:21 -05:00
* Make an internal and external content provider (or pathes with < path-permission > )
* Look at android:grantUriPermissions especially for ApgServiceBlobProvider
* Only give out android:readPermission
2013-01-18 17:51:44 -05:00
### ApgApiService (Remote Service)
AIDL service
## With permission ACCESS_KEYS
2012-11-15 17:25:21 -05:00
2013-01-18 17:51:44 -05:00
### ApgKeyService (Remote Service)
AIDL service to access actual private keyring objects
2012-12-19 08:05:08 -05:00
# Licenses
2013-01-16 08:45:15 -05:00
OpenPGP Kechain is licensed under Apache License v2.
2012-12-19 08:05:08 -05:00
## Libraries
* ActionBarSherlock
http://actionbarsherlock.com/
Apache License v2
* SpongyCastle
https://github.com/rtyley/spongycastle
MIT X11 License
* ZXing QRCode Integration
http://code.google.com/p/zxing/
Apache License v2
* HTMLCleaner
http://htmlcleaner.sourceforge.net/
BSD License
* HtmlSpanner
Apache License v2
## Images
* icon.svg
modified version of kgpg_key2_kopete.svgz
* dashboard_manage_keys.svg, dashboard_my_keys.svg, key.svg
http://rrze-icon-set.berlios.de/
Creative Commons Attribution Share-Alike licence 3.0
* dashboard_decrypt.svg, dashboard_encrypt.svg, dashboard_help.svg
http://tango.freedesktop.org/
Public Domain
* dashboard_scan_qrcode.svg
2013-01-16 08:45:15 -05:00
New creation for OpenPGP Kechain
2013-05-13 10:10:52 -04:00
Apache License v2