open-keychain/OLD_API.md
2013-09-06 11:24:28 +02:00

This is the old API. Currently disabled!

Security Model

Basic goals

  • Intents that require no permission should only work based on user interaction (e.g. clicking a button in a dialog)

Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL

Possible Permissions

  • ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service); read key information, but not the key material itself (content provider)
  • ACCESS_KEYS: get and import actual public and secret keys (remote service)

Without Permissions

Intents

All Intent actions listed below without an explicit package prefix start with org.sufficientlysecure.keychain.action.

  • android.intent.action.VIEW registered for .gpg and .asc files: Import Key and Decrypt
  • android.intent.action.SEND registered for all mime types (text/plain and every kind of binary data such as files and images): Encrypt and Decrypt
  • IMPORT
  • IMPORT_FROM_FILE
  • IMPORT_FROM_QR_CODE
  • IMPORT_FROM_NFC
  • SHARE_KEYRING
  • SHARE_KEYRING_WITH_QR_CODE
  • SHARE_KEYRING_WITH_NFC
  • EDIT_KEYRING
  • SELECT_PUBLIC_KEYRINGS
  • SELECT_SECRET_KEYRING
  • ENCRYPT
  • ENCRYPT_FILE
  • DECRYPT
  • DECRYPT_FILE

With permission ACCESS_API

Intents

  • CREATE_KEYRING
  • ENCRYPT_AND_RETURN
  • ENCRYPT_STREAM_AND_RETURN
  • GENERATE_SIGNATURE_AND_RETURN
  • DECRYPT_AND_RETURN
  • DECRYPT_STREAM_AND_RETURN

Broadcast Receiver

On a change of the database, the following broadcast is sent.

  • DATABASE_CHANGE

Content Provider

  • The whole content provider requires a permission (read only)
  • Don't hand out key blobs through the content provider (actual keys can be accessed with ACCESS_KEYS via the remote service)
  • Make an internal and an external content provider (or paths with )
  • Look at android:grantUriPermissions, especially for ApgServiceBlobProvider
  • Only expose android:readPermission

ApgApiService (Remote Service)

AIDL service

With permission ACCESS_KEYS

ApgKeyService (Remote Service)

AIDL service to access actual private keyring objects
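The following AndroidManifest.xml sketch is an added example, not the project's own manifest, and ties together the permission model described above: the permission-less intents land on exported activities that always show a dialog, the *_AND_RETURN intents and ApgApiService require ACCESS_API, ApgKeyService requires ACCESS_KEYS, and the content provider is exposed read-only. The package name, the fully qualified permission names (org.sufficientlysecure.keychain.permission.*), the protectionLevel values, the component class names, the provider authorities and the INTERNAL_WRITE permission are all assumptions made for the illustration; only the intent action names, the permission short names and the two service/provider names come from the notes.

```xml
<!-- Added example, not the project's manifest. Package, class names,
     authorities, full permission names and protection levels are assumed. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.sufficientlysecure.keychain">

    <!-- ACCESS_API: crypto operations without user interaction plus read-only
         key information. "dangerous" means the user approves it at install
         time (assumed level). -->
    <permission
        android:name="org.sufficientlysecure.keychain.permission.ACCESS_API"
        android:protectionLevel="dangerous" />

    <!-- ACCESS_KEYS: export of actual public and secret keys (assumed level). -->
    <permission
        android:name="org.sufficientlysecure.keychain.permission.ACCESS_KEYS"
        android:protectionLevel="dangerous" />

    <!-- Assumed signature-level permission that only this app itself holds,
         used to close the write side of the provider (see note below). -->
    <permission
        android:name="org.sufficientlysecure.keychain.permission.INTERNAL_WRITE"
        android:protectionLevel="signature" />

    <application android:label="Keychain">

        <!-- Without permissions: an exported activity that always shows a
             dialog, so nothing happens until the user clicks. -->
        <activity android:name=".ui.DecryptActivity" android:exported="true">
            <intent-filter>
                <action android:name="org.sufficientlysecure.keychain.action.DECRYPT" />
                <category android:name="android.intent.category.DEFAULT" />
            </intent-filter>
            <!-- VIEW on .gpg / .asc files -->
            <intent-filter>
                <action android:name="android.intent.action.VIEW" />
                <category android:name="android.intent.category.DEFAULT" />
                <data android:scheme="file" android:host="*" android:mimeType="*/*"
                    android:pathPattern=".*\\.gpg" />
                <data android:scheme="file" android:host="*" android:mimeType="*/*"
                    android:pathPattern=".*\\.asc" />
            </intent-filter>
        </activity>

        <!-- With ACCESS_API: *_AND_RETURN hands the result back without a
             dialog, so the component itself is guarded by the permission. -->
        <activity android:name=".ui.DecryptAndReturnActivity"
            android:exported="true"
            android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API">
            <intent-filter>
                <action android:name="org.sufficientlysecure.keychain.action.DECRYPT_AND_RETURN" />
                <category android:name="android.intent.category.DEFAULT" />
            </intent-filter>
        </activity>

        <!-- Remote AIDL service for ACCESS_API holders. -->
        <service android:name=".service.ApgApiService"
            android:exported="true"
            android:permission="org.sufficientlysecure.keychain.permission.ACCESS_API" />

        <!-- Remote AIDL service handing out actual keyring objects. -->
        <service android:name=".service.ApgKeyService"
            android:exported="true"
            android:permission="org.sufficientlysecure.keychain.permission.ACCESS_KEYS" />

        <!-- External content provider: key information only, read guarded by
             ACCESS_API, write guarded by the app-only signature permission. -->
        <provider android:name=".provider.ApgProvider"
            android:authorities="org.sufficientlysecure.keychain.provider"
            android:exported="true"
            android:readPermission="org.sufficientlysecure.keychain.permission.ACCESS_API"
            android:writePermission="org.sufficientlysecure.keychain.permission.INTERNAL_WRITE"
            android:grantUriPermissions="false" />

        <!-- Blob provider: not exported; single URIs can still be handed to a
             specific caller with FLAG_GRANT_READ_URI_PERMISSION, which is what
             grantUriPermissions="true" enables without exposing the provider. -->
        <provider android:name=".provider.ApgServiceBlobProvider"
            android:authorities="org.sufficientlysecure.keychain.blobprovider"
            android:exported="false"
            android:grantUriPermissions="true" />
    </application>
</manifest>
```

One caveat worth checking when following the "only give out android:readPermission" note: on an exported provider, android:readPermission protects only the read path. If neither android:writePermission nor android:permission is set, Android does not protect insert/update/delete at all, so either set a write permission as above or make the provider's write methods refuse every call.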