[Freedombox-discuss] Tap-to-share PGP key exchange

Alex Stapleton alexs at prol.etari.at
Fri Sep 30 15:09:19 UTC 2011


On 30 Sep 2011, at 16:02, Timur Mehrvarz wrote:

> On 30.09.2011 16:29, Ted Smith wrote:
>> So, it seems that your app uses Bluetooth to transfer key
>> material, and then relies on users manually verifying
>> fingerprints.
> This is correct. Anymime does not transmit fingerprints but only the
> full keys.
>> Is it possible to use Intents from another app to transfer files
>> over anymime? Or is it possible to do the same to allow monkeysign
>> to verify fingerprints from anymime-ksp? I'm not an android expert,
>> but that seems like the best way of going about doing this.
> The anymime-ksp activities are already available to any app. It's only
> a matter of requisting an intent with...
>        intent.setDataAndType(pgpFileUri,"application/pgp")
> Your "Apply action..." popup will then contain both:
> ShowPgpFingerprintActivity and UploadPgpFilesPopupActivity. Android is
> genius in this regard. Good luck implementing this for iOS.
> On 30.09.2011 16:43, Daniel Kahn Gillmor wrote:
>> My main concern is that visually comparing two strings of 40
>> hexadecimal digits is beyond the attention span of most humans i
>> know.  Even for the folks who can actually compare all the digits,
>> once a handful of key exchanges have been done and have always
>> "checked out" by visual comparison, the user will probably start to
>> get sloppy.
>> I don't mean this in a pejorative way; comparing long strings of 
>> arbitrary symbols is just not what the human mind is cut out for.
>> So having a way for the exchange to be securely done *without*
>> users needing to inspect fingerprints would be an excellent step
>> forward in the experience of key exchange.
> I fully agree with you say. Someone suggested to me in private to do
> an alternative ShowPgpFingerprintActivity with color coding. This
> would then be available as an additional entry in the "Apply
> action..." popup menu. I just didn't want to start coding something
> fancy without having a discussion upfront. Bingo, here we are.
> So, how do we want to make comparing 48 hex digits easier for the user?
> Timur
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss

More information about the Freedombox-discuss mailing list