On 06/07/2013 02:00 AM, Dominik Schürmann wrote:
> Hey Hans,
>
> On 04.06.2013 02:24, Hans-Christoph Steiner wrote:
>>
>> Hey Dominik,
>>
>> I was looking into this a bit more, comparing the AIDL vs Messenger approach
>> [1][2]. AIDL is so complicated but the interface you have does seem pretty
>> straightforward. Your demo app does not use it as an external process via the
>> oneway functions, so its hard to see what it would look like to the clients
>> who would be using that API.
>
> I implemented a test in
>
https://github.com/dschuermann/k-9/blob/crypto_provider/src/com/fsck/k9/view/MessageCryptoView.java
>
> In onCreate you connect to the external service process and then you
> implement ICryptoCallback.Stub() in that class. The onRequiredActivity
> part will be removed. In decryptOnClick() you can see
>
> mCryptoServiceConnection.getService().decryptAndVerify(data.getBytes(),
> callback);
>
> to execute decrypt remotely.
>
> So I think, the client part is really convenient and easy as it is based
> on implementing interfaces.
>
> There is a lot to do to clean up my repo, also the Keychain Demo App
> needs to be revised and updated.
My last concern with this is related to the chain of Intents and the whole
back queue and "recently used" functionality. So we're still planning on
having gpgcli handle the prompting for passphrases, and for sorting out if
there are multiple matches when searching for a key by email address.
Normally in Android, an Activity from a different app is started by launching
an Intent, so for example if K-9 requests encryption using an email address
that has multiple local keys, this is the flow (--> is an Intent):
k-9 --> gpgcli --> KeyListApp
But using AIDL there would be a broken chain:
k-9 AIDL>> gpgcli --> KeyListApp
I think that Android does not treat and AIDL call the same as an Intnet, and
this will end up causing strange behavior when switching around Activities,
like the back button will take you to the wrong place, or things like that.
>> Also, AIDL assumes multi-threaded operation of the Service, but I think that
>> compared to a queue-based Messenger Service, a setup that runs crypto
>> operations in parallel will probably provide a worse user experience most of
>> the time. Most phones are not very powerful, so having more than one
>> long-running crypto operation would cripple them. The queue that is automatic
>> when making a Messenger interaction with a Service comes for free, but maybe
>> the API would not be as nice since it wouldn't be Java Interfaces.
>
> I also need to implement threaded queues for each bound package,
> currently working on this. AIDL services are not automatically thread safe.
> Even though the passphrase is not entered, the apps should already queue
> encrypt/decrypt operations that should be handled after entering the
> passphrase.
>
> Could you point me to the code where you start the passphrase dialog in
> guardianproject's gpg and connect to your service for returning the
> entered passphrase? I couldn't find this code.
>
> I am currently time constraint, I will present more code at the end of
> the next week.
This is handled by gpg-agent for us. gpg-agent acts as the crypto engine and
also the core logic of the crypto operations. We just ask to
decrypt/verify/sign/encrypt without any thought to the passphrase, then
gpg-agent triggers the prompt if its needed. gpg-agent also handles the
caching of the passphrase.
You might be interested in our project cacheword. Its a password caching
service for android. We're tailoring it to things like SQLCipher, IOCipher,
etc. passwords but I think it could be applicable to this situation.
https://github.com/guardianproject/cacheword
Abel wrote it, so he can chime in with more details, or just ask him.
.hc