[guardian-dev] OpenPGP on Android: GnuPG vs Bouncy Castle
Dominik Schürmann
dominik at dominikschuermann.de
Wed Apr 10 05:27:20 EDT 2013
On 08.04.2013 23:24, Hans-Christoph Steiner wrote:
>
> First off, I'd just like to say we appreciate you taking the time to provide
> criticism to our approach. We are always open to hear other opinions.
>
Thanks for your comments.
>
> It would be nice to have a pure Java implementation of the full features of
> the GnuPG suite, but we looked into that and thought it would be significantly
> less work to port GnuPG. In retrospect, we might have be wrong about that,
> but in any case, we now have GnuPG working on Android and want to pursue it.
> Ideally, this work would also feed your pure Java implementation as well, but
> that's not a current priority.
>
> You can find our notes on what APG lacks here:
> http://guardianproject.info/wiki/Encryption_and_Identity_Verification
>
> Here is a sketch of what we want to add to the GnuPG app:
> http://guardianproject.info/wiki/GnuPrivacyGuard_for_Android
>
> The key parts missing in the APG implementation are:
> * no method for uploading personal public key
> * no method for signing other people's keys
> * no method to view signatures on a key
> * no method for generating and managing subkeys
> * no PGP/MIME support
>
> Perhaps you've addressed some of these in OpenPGP Keychain, I haven't looked
> too closely. We are also hoping that using GnuPG will be faster/more efficient
> that a BouncyCastle approach, which is quite important to use since we're
> working on encrypting videos on phones.
The performance indeed could be an issue with a pure Java implementation.
Some of the other features are implemented in my fork and were mostly
user interface work.
PGP/MIME is an important one that is currently not available, but to
implement that the much greater work need to be done on k9mail. There
was a pull request that should be evaluated an rebased
(https://github.com/k9mail/k-9/pull/4)
>
>> - I think, with a Java lib like Bouncy Castle as the backend, it is much
>> easier to provide working multi platform versions.
>
> Yes, pure Java will be easier to support on non-ARM Android platforms. But
> since they are currently a tiny minority, it was not a high priority when we
> started. We figured that those platforms could be served by APG, and now
> OpenPGP Keychain.
>
> [...]
>
> Your ContentProvider sounds like a useful abstraction and should also be
> applicable to the GnuPG port. So it sounds like you have already been
> abstracting out the backend, so that would make this project much easier as
> long as we can do everything we need via a ContentProvider. If we can make a
> standard API for the communication between the app and the PGP-providing
> service (eg. gnupg or bouncycastle), then we can use a shared app as the
> standard interface.
That's more work than it sounds, but actually I like the idea. I will
look into it. I try to analyze if it is possible to abstract away most
logic. Unfortunatly, Android's coding patterns are not really MVC :P
Regards
Dominik
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20130410/82a6c6b5/attachment.pgp>
More information about the Guardian-dev
mailing list