thunderbird-android icon indicating copy to clipboard operation
thunderbird-android copied to clipboard

Published 20 hours ago verified publisher icon thunderbird

Replace OpenKeychain with GOpenPGP or similar

Open rishubn opened this issue 3 years ago • 8 comments

Is your feature request related to a problem? Please describe. OpenKeychain is no longer actively maintained. Eventually it would make sense to move to another PGP implementation (preferably library based) such as gopenpgp.

Android Pass Store is doing something similar

Other than refactoring existing code, the biggest hurdle would be the effort required to create a GUI for the lost features provided by OpenKeychain

What are your thoughts on this?

rishubn avatar Sep 11 '21 20:09 rishubn

Wondering if PGPainless could be used - Android Pass Store goes this way. It is Pure Java so has some advantages over using Go.

https://github.com/pgpainless/pgpainless https://github.com/android-password-store/Android-Password-Store/pull/1522

xandro0777 avatar Mar 03 '22 18:03 xandro0777

I'd also recommend PGPainless. It's not only Android Pass Store that uses it but ltt.rs too. It seems the author used OpenKeychain for their previous project (Conversations.im) but later migrated to PGPainless.

Although the API would change so this is not an easy solution...

wiktor-k avatar Jun 14 '22 08:06 wiktor-k

@ShellWen forked openkeychain and actively maintain it. https://github.com/ShellWen/open-keychain-reborn

CoelacanthusHex avatar Jul 12 '22 18:07 CoelacanthusHex

@ShellWen forked openkeychain and actively maintain it. https://github.com/ShellWen/open-keychain-reborn

And also, I will add lots of features as you want to. 😜

ShellWen avatar Jul 12 '22 18:07 ShellWen

Author of PGPainless here, I'd love to assist, should you decide to give PGPainless a try :)

vanitasvitae avatar Jul 15 '22 19:07 vanitasvitae

Mostly useless comment to add here, but K-9 with OpenKeychain is going to slowly stop being able to deal with new encrypted emails as AEAD is rolled out into GnuPG. AEAD-encrypted emails (the GnuPG default since 2.3) cannot be decrypted with OpenKeychain.

ddevault avatar Jan 04 '24 11:01 ddevault

For completeness/context: GnuPG decided to diverge from the OpenPGP protocol by rolling their own, nonstandard flavor of OpenPGP called LibrePGP.

Bouncycastle will probably implement the "official" AEAD flavor in the coming months, though this does not solve the problem of OpenKeychain being EOL.

For now, most Linux distributions patch GnuPG, reverting the AEAD changes to maintain compatibility with the ecosystem.

vanitasvitae avatar Jan 04 '24 12:01 vanitasvitae

After Autocrypt/OpenKeychain doing a lot of damage, the next improvement from Germany? I am afraid the feature could be dropped altogether. The trust that was there when Snowden used it is gone.

xandro0777 avatar Jan 04 '24 13:01 xandro0777