[guardian-dev] shared Java lib for accessing OpenPGP keyservers

Hans-Christoph Steiner hans at guardianproject.info
Fri Dec 6 12:53:28 EST 2013



On 12/06/2013 05:38 AM, Abel Luck wrote:
> Hans-Christoph Steiner:
>>
>> So I've recently realized that a lot of the complexity in the GnuPG suite is
>> the keyserver stuff for both OpenPGP and S/MIME.  S/MIME is pretty low
>> priority for us, so I was thinking of ignoring the GnuPG keyserver stuff
>> (dirmngr, etc) and using an Android-native Java implementation.
>>
> 
> Could you elaborate a bit more on the complexities? What's the difficulty?

GnuPG is strongly tied to the design of UNIX.  Android is not UNIX, and often
is very different from UNIX. That's the root of the problem.

The keyserver stuff needs openldap and curl.  OpenLDAP is the only lib I
can't build into Android-style shared libs.  It also relies on a daemon,
dirmngr, which I believe is supposed to run once on a machine, then any user
account uses the running daemon.  That would be difficult to support on Android.
Also, setting up GnuPG keyserver support to use Tor is a pain, and in GPGA
would mean lots of tricks involving writing config files and managing command
line flags.  Also, currently DNS does not work with the keyserver stuff.


>> That would be much easier to add Tor support to, and to integrate into the UI.
>>  I figure this code already exists to some degree in APG and OpenPGP Keychain,
>> it's just a matter of restructuring it into a shared library so we can share
>> the code.
>>
>> How does this sound?
> 
> What would the consequences of this be? What features would shift from GnuPG to native
> Java? Searching and fetching keys? Anything else (ignoring S/MIME stuff)

Yup, just searching and fetching keys.  This would likely break S/MIME
support, but perhaps not.  But I don't hear anyone talking about implementing
S/MIME in anything, so it seems quite low priority.

Doing it in Java means we can use OnionKit and pool our efforts there, instead
of spending that time on crazy UNIX hacks that will only help GnuPG.

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

