open-keychain / open-keychain

OpenKeychain is an OpenPGP implementation for Android.
https://www.openkeychain.org
GNU General Public License v3.0

API: K-9 Mail - OpenKeychain pairing via signing key pinning? #1237

Open dschuermann opened 9 years ago

dschuermann commented 9 years ago

From K-9's mailing list:

As far as I understand the pairing between K-9 and OpenKeychain, this is basically a Trust-On-First-Use (TOFU) model where the trust is established by looking at the app that is selected as the PGP provider.

I've been thinking that there can be a zero-config version of this based on pinning the signing key of the APK. For example, K-9 would include the signing key of OpenKeychain, then when K-9 sees there is a PGP provider that is signed by that key, it would automatically set it up and use it.

For handling multiple matches, it can either stick with the first pinned app that was configured; or it could use the most recently installed app that matches K-9's signing key pins. This would not override the user selected app, and the regular behavior would still be possible.

We could include the signing key in our client lib.

dschuermann commented 9 years ago

A less intrusive first step change would be to have a whitelist in our openpgp lib that only allows OpenKeychain with the certificates of me and F-Droid. This however introduces the problem of testing apps, when our own OpenKeychain is certified via the debug certificate.

eighthave commented 9 years ago

I'm going to be working on this starting now for the next couple of weeks for a different app. My work will all be included in our Trusted Intents project. I could help put this together for OpenKeychain as well, if there is interest.
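The pinning check discussed in this thread, sketched as an added example; it is not code from K-9 Mail, OpenKeychain, or the Trusted Intents project. The class name, the placeholder pin strings, the candidate list, and the debug-build flag are assumptions made for illustration. It keeps the user's explicit selection, takes the first pinned match, and accepts a debug certificate only when the calling app is itself a debug build.

```java
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Hypothetical helper: auto-selects an OpenPGP provider only if its APK signing cert is pinned. */
public final class PinnedProviderSelector {
    // Placeholder pins: lowercase hex SHA-256 of each trusted DER-encoded signing certificate.
    private static final Set<String> RELEASE_PINS = new HashSet<>(Arrays.asList(
            "<sha256-of-upstream-release-cert>", "<sha256-of-f-droid-cert>"));
    private final PackageManager pm;
    private final Set<String> pins = new HashSet<>(RELEASE_PINS);

    /** debugPin is honoured only when the calling app is a debug build, so release builds never trust it. */
    public PinnedProviderSelector(PackageManager pm, boolean callerIsDebugBuild, String debugPin) {
        this.pm = pm;
        if (callerIsDebugBuild && debugPin != null) pins.add(debugPin);
    }

    /** Returns the user's choice if set, else the first pinned candidate, else null. */
    public String select(String userSelected, List<String> candidates) {
        if (userSelected != null) return userSelected; // never override an explicit choice
        for (String pkg : candidates) {
            if (isPinned(pkg)) return pkg;
        }
        return null; // no pinned provider installed: fall back to manual selection
    }

    boolean isPinned(String pkg) {
        try {
            // GET_SIGNATURES is deprecated since API 28 in favour of GET_SIGNING_CERTIFICATES.
            Signature[] sigs = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES).signatures;
            if (sigs == null || sigs.length == 0) return false;
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            for (Signature sig : sigs) { // every signer must be pinned, not just one
                if (!pins.contains(hex(sha256.digest(sig.toByteArray())))) return false;
            }
            return true;
        } catch (PackageManager.NameNotFoundException | NoSuchAlgorithmException e) {
            return false; // not installed or no SHA-256: treat as unpinned
        }
    }

    private static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
}
```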