Integrating PGPainless and hwsecurity

[tadfisher]

OpenKeychain is now completely broken on Android 13 QPR1 Beta 1, so I started on integrating hwsecurity (the APS fork) to support OpenPGP smartcards over NFC/USB. I have key import working, but everything is currently living in two separate worlds as hwsecurity support is a separate crypto-hwsecurity library implementing the crypto-common API.

This causes a few issues, mostly because it's difficult to recreate the standard metadata included in an on-disk key; this includes the canonical user ID(s) and the master key fingerprint. I believe that's why GnuPG created the "stub key" format with the extra s2k values indicating the key lives on a smartcard. Ultimately this data is required to match an ID listed in .gpg-id, which is pretty lax (basically anything gpg will match to a key in its keyring).

So there are a couple of routes to explore:

1. Continue as-is, and import smartcard keys into hwsecurity storage, but also require the user to provide the public master key to associate with the smartcard. This could be made easier by implementing keyserver lookups, which could be automatic if the user put a correct value in the "URL of public key" field.
2. Use the "stub key" format; users import a key as normal, but there would be an option to pair a smartcard if the key is missing a private encryption subkey or otherwise is unusable for encryption. On encrypt/decrypt, we'd need to iterate the keys ourselves instead of passing all of them to PGPainless, so we can check the hasDummyS2K() value for the key and delegate to hwsecurity to perform the actual crypto.

Option 1 is simpler from the integration perspective, but needs changes all over the app to support an additional key source. Option 2 is harder to integrate, as we'd have to make crypto-pgpainless an Android library or add extension points to delegate encryption, but the app could continue treating everything as a PGPKey and wouldn't really have to change.

[msfjarvis]

Thanks for getting the ball rolling on this!

I think it'd be preferable for us to keep all the PGP logic contained in crypto-pgpainless, so I'm open to the idea of converting it to an Android library if that is simplifying that effort. Paul (the maintainer of PGPainless) has been very welcoming to ideas that make usage easier for downstream consumers like ourselves, so if you have even a vague idea of how PGPainless could make this easier, I'd recommend raising an issue at https://github.com/pgpainless/pgpainless/issues and letting them know and get their perspective as well.

[tadfisher]

Thanks for the advice. I think the largest pain point here is the lack of a delegation callack for crypto operations using stub keys, similar to MissingKeyPassphraseStrategy. I'll raise an issue with PGPainless about this.

[tadfisher]

Issue here if you'd like to follow along.

[msfjarvis]

@tadfisher can you publish your work so far to your fork of APS? I'd like to get a head start on the review and help diagnose the issue you mentioned in the PGPainless issue tracker.

[tadfisher]

@msfjarvis Done! #2170