If the user has a verified public key, go to (8).
Prompt user for search criteria.
- Search pool, present results.
- Confirm selection.
- Download public key.
- Send encrypted email to UIDs with verification tokens (plus URL). 7a. User selects unverified UID, enters token. 7b. User follows URL, UID is verified.
8a. View list of keys that you have not yet signed and pushed. 8c. Show your fingerprint's QR code. 8b. Scan a QR code; key is added to list. 8b.i. If the user has somehow given us their signing key, send them an encrypted, signed email with a script they can run to import and sign all the keys.
- Public key is stored on device, unencrypted, signed.
- List of keys to sign stored on device, encrypted, signed.
- HKP is sent over SSL.
- UI lock with PIN.
Building & Testing
Signer is built using the Maven build system, version 3.1.1 or higher. To build the distributable .apk:
mvn clean package
The signer-.apk will be available under target/ directory.
To run unit and integration tests:
mvn clean verify
This depends on the
JAVA_HOME variables being set.
export ANDROID_HOME=$HOME/adt-bundle-linux-x86_64-20131030/sdk export JAVA_HOME=/usr/lib/jvm/default-java
tools directories must be in your path:
This uses maven-android-plugin.