On 08/12/2014 09:43 AM, Nathan of Guardian wrote:
> This isn't 100% the same but, our CacheWord library for Android does
> something along these lines - a dedicated service for just holding
> sensitive, unencrypted keys in memory:
> https://github.com/guardianproject/cacheword

Just to clarify, this library is meant for local, symmetric, non-PFS keys (to unlock encrypted storage for instance), but the design of the Android Service implementation is such that it is very minimal, and meant to survive the OS's attempt to kill/destroy long-term background services. This approach could be used to keep PFS keys in RAM. I believe TextSecure uses a similar approach with their own code/service.

For those not used to mobile device app lifecycles, the idea that an "app is running" doesn't really mean the same thing as on a desktop system. If you have Pidgin with LibOTR running on your PC, it will stay running until you exit the application, and it's quite easy to keep OTR session keys around as long as you need them. With Android however, and to some extent iOS (though it's different), apps have a much more transient start/stop/pause/destroy state, and no foreground Activity or background Service is guaranteed to stay running if the user is not actively engaged with it. Even Services you mark as "Foreground" can still be destroyed without warning on low-RAM devices like the very popular $100-200 USD Moto G.

We've managed to make it work with ChatSecure, and I know TextSecure has in their own way as well. Their pre-key work is the other solution to offline encrypted messaging, of course, but we haven't quite figured out how to fit that into standard OTR yet.

+n

_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev