Extending Open-Keychain
54 views
Skip to first unread message
Uwe Plonus
Jan 5, 2015, 8:31:24 AM1/5/15
to openpgp-ke...@googlegroups.com, k-9...@googlegroups.com
Hello Open-Keychain Developers, hello K9 Developers,
I've analysed the PGP integration into K9 the last days. I think that I understand the problems why an integration of PGP/MIME into K9 is not done until now.
I see some possibilities to integrate PGP/MIME into K9 but all have some up- and downsides. Some also involve changing Open-Keychange (or the openintent interface).
So what possibilities do I see in integrating PGP/MIME with K9?
First possibility: We can split the PGP/MIME message and then reassemble this into the current format to send this to Open-Keychain. I'm not happy with such a solution as it is error prone.
Second possibility: We can change Open-Keychain so that it understands the PGP/MIME format. Then we can send the complete message from K9 to Open-Keychain and Open-Keychain would make the rest. I'm also not happy with such a solution as I think that Open-Keychain should not know anything about MIME.
Third possibility: The MIME handling is done in K9 (which already has the most parts of it) and sends only the relevant parts to Open-Keychain. For this to work Open-Keychain has to be extended to handle detached signatures. So every app does what it is designed for. I would be happy with such a solution so I will extend this solution a little bit more:
We extend Open-Keychain to handle a new Intent with an extra parameter with a detached signature. Spongycastle can do this already therefore I think that the changes for this would be minimal on Open-Keychain.
We extend K9 to understand PGP/MIME according to RFC 3156 and send the signature as a detached signature to Open-Keychain and let it check it.
For decryption there should be no change to Open-Keychain and only K9 has to handle it correctly.
For encryption and signing there should also be no change in Open-Keychain and K9 must create the correct MIME message.
I will help implementing such changes to both parts if you are happy with such a solution.
Uwe
Greg Troxel
Jan 5, 2015, 8:55:51 AM1/5/15
to Uwe Plonus, openpgp-ke...@googlegroups.com, k-9...@googlegroups.com
Uwe Plonus <u.pl...@gmail.com> writes:
> *Third possibility*: The MIME handling is done in K9 (which already has the
> most parts of it) and sends only the relevant parts to Open-Keychain. For
> this to work Open-Keychain has to be extended to handle detached
> signatures. So every app does what it is designed for. I would be happy
> with such a solution so I will extend this solution a little bit more:
>
> We extend Open-Keychain to handle a new Intent with an extra parameter with
> a detached signature. Spongycastle can do this already therefore I think
> that the changes for this would be minimal on Open-Keychain.
>
> We extend K9 to understand PGP/MIME according to RFC 3156 and send the
> signature as a detached signature to Open-Keychain and let it check it.
>
> For decryption there should be no change to Open-Keychain and only K9 has
> to handle it correctly.
>
> For encryption and signing there should also be no change in Open-Keychain
> and K9 must create the correct MIME message.
I'm not a developer of either program, but this sounds sensible to me.
> this to work Open-Keychain has to be extended to handle detached
> signatures. So every app does what it is designed for. I would be happy
> with such a solution so I will extend this solution a little bit more:
>
> We extend Open-Keychain to handle a new Intent with an extra parameter with
> a detached signature. Spongycastle can do this already therefore I think
> that the changes for this would be minimal on Open-Keychain.
>
> We extend K9 to understand PGP/MIME according to RFC 3156 and send the
> signature as a detached signature to Open-Keychain and let it check it.
>
> For decryption there should be no change to Open-Keychain and only K9 has
> to handle it correctly.
>
> For encryption and signing there should also be no change in Open-Keychain
> and K9 must create the correct MIME message.
Is the Intent being used now specific to Open-Keychain, or can it
alternatively be handled by APG? I have been unclear on whether these
programs intend to do the same thing, and whether coordination of
intent names/formats would be useful.
Uwe Plonus
Jan 5, 2015, 12:05:08 PM1/5/15
to k-9...@googlegroups.com, openpgp-ke...@googlegroups.com
Open-Keychain API (it's part of openpgp-api-lib). If AGP wants to
implement this it is possible but AGP has to implement the new interface
then (which is only a small extension of the current interface).
So it is possible that all implementations that use this interface can
use this also.
Uwe
Dominik Schuermann
Jan 8, 2015, 6:39:36 AM1/8/15
to Uwe Plonus, k-9...@googlegroups.com, openpgp-ke...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey Uwe,
thanks for triggering the discussion about the API design, it helped
Vincent and me to find a good proposal how to change our API for the
upcoming MIME support. I will push a new branch this week basically
implementing the third possibility of your proposal in OpenKeychain's
API and then write again on this mailing list.
cketti, Valodim and I will work end of this month on getting the
required functionality into K-9 Mail. If you like you can also work on
the K-9 part using the mime repo:
https://github.com/k9mail/k9mail_pgp_mime
Regarding APG: Don't bother about APG, it is no longer maintained as
Thialfiar disappeared from the Internet.
Regards
Dominik
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJUrmx1AAoJEHGMBwEAASKCD4wH/RFw5fS4zOAX7CQuhgJn3tim
1V15TA4bLpMX/goEHZw327x0mQE/QCa6fzEe+0bPrB3SEj3d7Dn7Fr5hQ/6nn6dC
3VNNqHPbPAU0fbQUlm4zOIxHhxd/pb/GOE92EmcJftV6MSnOgwApmvlUqDrNy+qr
mz+qI3Rq8aoC5xV0ddOFhIs7i5fyJ76jdzpsY7FZiJG/HVdEB8i5STRfA17MatdC
QUJ3Kn4HB9kr9CLjD+jc7tyChTEirvcvULNNYUFLgg9n8oSfT33WGOsbfyGUdzJX
P8uvSAsaDInrf14wNLViYPOBJqxyJYyyxjkhb7DwOMMa3X/IalUjiBZc3CzSwFQ=
=uwsn
-----END PGP SIGNATURE-----
Hash: SHA1
Hey Uwe,
thanks for triggering the discussion about the API design, it helped
Vincent and me to find a good proposal how to change our API for the
upcoming MIME support. I will push a new branch this week basically
implementing the third possibility of your proposal in OpenKeychain's
API and then write again on this mailing list.
cketti, Valodim and I will work end of this month on getting the
required functionality into K-9 Mail. If you like you can also work on
the K-9 part using the mime repo:
https://github.com/k9mail/k9mail_pgp_mime
Regarding APG: Don't bother about APG, it is no longer maintained as
Thialfiar disappeared from the Internet.
Regards
Dominik
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBAgAGBQJUrmx1AAoJEHGMBwEAASKCD4wH/RFw5fS4zOAX7CQuhgJn3tim
1V15TA4bLpMX/goEHZw327x0mQE/QCa6fzEe+0bPrB3SEj3d7Dn7Fr5hQ/6nn6dC
3VNNqHPbPAU0fbQUlm4zOIxHhxd/pb/GOE92EmcJftV6MSnOgwApmvlUqDrNy+qr
mz+qI3Rq8aoC5xV0ddOFhIs7i5fyJ76jdzpsY7FZiJG/HVdEB8i5STRfA17MatdC
QUJ3Kn4HB9kr9CLjD+jc7tyChTEirvcvULNNYUFLgg9n8oSfT33WGOsbfyGUdzJX
P8uvSAsaDInrf14wNLViYPOBJqxyJYyyxjkhb7DwOMMa3X/IalUjiBZc3CzSwFQ=
=uwsn
-----END PGP SIGNATURE-----
cketti
Jan 8, 2015, 6:56:44 AM1/8/15
to Uwe Plonus, openpgp-ke...@googlegroups.com, k-9...@googlegroups.com
On 05.01.2015 14:31, Uwe Plonus wrote:
We extend K9 to understand PGP/MIME according to RFC 3156 and send the signature as a detached signature to Open-Keychain and let it check it.
That's the current plan. But the part that requires the most time is
modifying K-9 Mail to store messages in a format that allows
reconstructing byte-identical copies of the original message. That's
necessary to be able to verify signed PGP/MIME messages.
Unfortunately, a lot of things depend on the way we currently store messages. So after changing the database schema, a lot of fix up work is necessary.
You can check out my current progress here:
https://github.com/k9mail/k-9/tree/pgp_mime_preparations
Unfortunately, a lot of things depend on the way we currently store messages. So after changing the database schema, a lot of fix up work is necessary.
You can check out my current progress here:
https://github.com/k9mail/k-9/tree/pgp_mime_preparations
Dominik Schuermann
Jan 8, 2015, 8:51:35 AM1/8/15
to Uwe Plonus, k-9...@googlegroups.com, openpgp-ke...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I just pushed a non-tested branch with commit
Hash: SHA1
https://github.com/open-keychain/open-keychain/commit/1c4b8c193d35f2226d621aa448e6775ff49fa2c6
and related API commit:
https://github.com/open-keychain/openpgp-api-lib/commit/f712a26ab68eb0f978722cfa69a7e9b5d05c80ca
Verification API is not yet finished and I need to write some tests later.
Regards
Dominik
p8sHemh8Ezj+GYTWmqVdrjLE+WkZJ3fuMPW7/FXUeLOCS6YgzoeXCArOpYvxUCsh
uFGWRg4YrPbE9G1WvauvFHK+9sEw1Hre8rgWVRm0cMkCafyQqwuyWptcve30Sy8Q
OMF9SZ7BrB73kXyFieslLD6gPdbR9cO09VgyDDERj7lsrhP/Tzy0oFIbBN/gwBo9
VR6D1vzbGmYiMCAQErhSlkYf+G4G3N85wQ2NOT9NY2hpAQAZeL8EoPGqZ7heMvxv
UqqbakcVa4n57As+IjT+kHQMj+o6Zc7zufTUluXbaG6PqPCRWcSb/izADeo6rac=
=VrIm
-----END PGP SIGNATURE-----
Uwe Plonus
Jan 8, 2015, 2:57:05 PM1/8/15
to openpgp-ke...@googlegroups.com, k-9...@googlegroups.com
Can you please point me where there problem is?
I've looked at the IMAP implementation an do not see any big problems.
Is the message get from POP handled in any other way than IMAP and is the problem there?
I want to help improving K9 (and open-keychain) to be a more valuable software.
Uwe
I've looked at the IMAP implementation an do not see any big problems.
Is the message get from POP handled in any other way than IMAP and is the problem there?
I want to help improving K9 (and open-keychain) to be a more valuable software.
Uwe
Uwe Plonus
Jan 8, 2015, 3:19:48 PM1/8/15
to k-9...@googlegroups.com, openpgp-ke...@googlegroups.com
Hi Dominik,
I'm looking forward to test the final implementation in Open-Keychain.
I also hope that implementing PGP/MIME in K9 gets on after this. I hope
that I can help on this then.
Uwe
I'm looking forward to test the final implementation in Open-Keychain.
I also hope that implementing PGP/MIME in K9 gets on after this. I hope
that I can help on this then.
Uwe
cketti
Jan 9, 2015, 1:39:50 AM1/9/15
to k-9...@googlegroups.com, openpgp-ke...@googlegroups.com
On 08.01.2015 20:56, Uwe Plonus wrote:
On 08.01.2015 12:56, cketti wrote:
Can you please point me where there problem is?On 05.01.2015 14:31, Uwe Plonus wrote:
We extend K9 to understand PGP/MIME according to RFC 3156 and send the signature as a detached signature to Open-Keychain and let it check it.
That's the current plan. But the part that requires the most time is modifying K-9 Mail to store messages in a format that allows reconstructing byte-identical copies of the original message. That's necessary to be able to verify signed PGP/MIME messages.
Unfortunately, a lot of things depend on the way we currently store messages. So after changing the database schema, a lot of fix up work is necessary.
You can check out my current progress here:
https://github.com/k9mail/k-9/tree/pgp_mime_preparations
When messages are saved to the database they are decoded and reduced
to 'text content', 'html content' and attachments. I started
changing this in the branch linked above. But now stripping of
transport encoding and character set conversion has to happen before
display time. The change also breaks searching message bodies and
probably a couple of other minor things.
If you want to help it would be nice if you could look into how we can utilize SQLite's full-text search extension[1] to have proper search in message bodies.
-cketti
[1]: http://www.sqlite.org/fts3.html
If you want to help it would be nice if you could look into how we can utilize SQLite's full-text search extension[1] to have proper search in message bodies.
-cketti
[1]: http://www.sqlite.org/fts3.html
Reply all
Reply to author
Forward
0 new messages