[guardian-dev] porting GnuPG to Java vs improving the native Java APG

Miron c1.android at niftybox.net
Wed Nov 16 13:02:55 EST 2011


These are good arguments for porting GnuPG.  What use cases are you
envisioning?  Or do you plan to provide it as a general tool?

On 11-11-16 09:21 AM, Hans-Christoph Steiner wrote:
> Nathan and I were just discussing how best to proceed in terms of which OpenPGP implementation to use on Android.  Currently the only one is the pure Java APG.  Everywhere else, we are using GnuPG.  APG is a limited implementation of OpenPGP, it does not have methods for uploading personal public keys, signing other people's keys, or viewing certification signatures on a key. Additionally, APG does not have the privacy-enabling options like unexportable signatures or Web-Of-Trust enabling features like settable trust levels for keys that is independent from key certification.
>
> So at this point, we are thinking that our best option is to work solely with GnuPG, port it to Android, and use the existing GnuPG JNI bindings, improving them if need be.  Though we like the idea of supporting multiple implementations, APG just seems too immature for this current project.  Any comments or feedback is much appreciated.
>
> .hc
>
> ----------------------------------------------------------------------------
>
> Terrorism is not an enemy.  It cannot be defeated.  It's a tactic.  It's about as sensible to say we declare war on night attacks and expect we're going to win that war.  We're not going to win the war on terrorism.        - retired U.S. Army general, William Odom
>
>
>

--
Miron
http://hyper.to/blog/



More information about the Guardian-dev mailing list