diff options
| author | Dominik Schürmann <dominik@dominikschuermann.de> | 2013-09-06 13:52:57 +0200 |
|---|---|---|
| committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2013-09-06 13:52:57 +0200 |
| commit | de8e1a39d59e1a0f40e173ba3c28e4250d1a48ef (patch) | |
| tree | 5cbc34684c63888d3e8e775ad35f79d498908cb7 /README.md | |
| parent | b9eaf235621ff59a661b45b20ac1106f42ee4be5 (diff) | |
| parent | 3a66c1c25aff1dadf4779c2df0fac04f3a9f3c0a (diff) | |
| download | open-keychain-de8e1a39d59e1a0f40e173ba3c28e4250d1a48ef.tar.gz open-keychain-de8e1a39d59e1a0f40e173ba3c28e4250d1a48ef.tar.bz2 open-keychain-de8e1a39d59e1a0f40e173ba3c28e4250d1a48ef.zip | |
merge k9mail back into master
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 66 |
1 files changed, 0 insertions, 66 deletions
@@ -68,72 +68,6 @@ See http://docs.oseems.com/general/application/eclipse/fix-gc-overhead-limit-exc 1. Open svg file in Inkscape 2. Extensions -> Color -> darker (2 times!) -# Security Model - -## Basic goals - -* Intents without permissions should only work based on user interaction (e.g. click a button in a dialog) - -Android primitives to exchange data: Intent, Intent with return values, Send (also an Intent), Content Provider, AIDL - -## Possible Permissions - -* ACCESS_API: Encrypt/Sign/Decrypt/Create keys without user interaction (intents, remote service), Read key information (not the actual keys)(content provider) -* ACCESS_KEYS: get and import actual public and secret keys (remote service) - -## Without Permissions - -### Intents -All Intents start with org.sufficientlysecure.keychain.action. - -* android.intent.action.VIEW connected to .gpg and .asc files: Import Key and Decrypt -* android.intent.action.SEND connected to all mime types (text/plain and every binary data like files and images): Encrypt and Decrypt -* IMPORT -* IMPORT_FROM_FILE -* IMPORT_FROM_QR_CODE -* IMPORT_FROM_NFC -* SHARE_KEYRING -* SHARE_KEYRING_WITH_QR_CODE -* SHARE_KEYRING_WITH_NFC -* EDIT_KEYRING -* SELECT_PUBLIC_KEYRINGS -* SELECT_SECRET_KEYRING -* ENCRYPT -* ENCRYPT_FILE -* DECRYPT -* DECRYPT_FILE - -## With permission ACCESS_API - -### Intents - -* CREATE_KEYRING -* ENCRYPT_AND_RETURN -* ENCRYPT_STREAM_AND_RETURN -* GENERATE_SIGNATURE_AND_RETURN -* DECRYPT_AND_RETURN -* DECRYPT_STREAM_AND_RETURN - -### Broadcast Receiver -On change of database the following broadcast is send. -* DATABASE_CHANGE - -### Content Provider - -* The whole content provider requires a permission (only read) -* Don't give out blobs (keys can be accessed by ACCESS_KEYS via remote service) -* Make an internal and external content provider (or pathes with <path-permission>) -* Look at android:grantUriPermissions especially for ApgServiceBlobProvider -* Only give out android:readPermission - -### ApgApiService (Remote Service) -AIDL service - -## With permission ACCESS_KEYS - -### ApgKeyService (Remote Service) -AIDL service to access actual private keyring objects - # Coding Style ## Code |