Support encryption

[psamim]

Hi,

As an enhancement, it would be great if Orgro could support opening encrypted files, or encrypted headings, with the help of OpenKeyChain. Just like Emacs and org-mode.

[amake]

It looks like OpenKeychain is Android-only.

As a general principle Orgro is cross-platform and I won't be adding any single-platform features. So I would need to find an equivalent implementation for iOS or, better yet, in Dart.

[chrstfer]

I don't know dart, but this looks like an actively maintained library that does encryption and here's a gist with a reference implementation.

[amake]

I take it that this request is to support the whole-file and per-section use cases described here:

• https://orgmode.org/worg/org-tutorials/encrypting-files.html
• https://orgmode.org/manual/Org-Crypt.html

pointycastle looks too low-level. Something more like openpgp or encrypt looks like the right thing.

I would also need to create a GUI for managing private keys.

[amake]

Support for decrypting and reencrypting Org Crypt-style symmetrically encrypted sections will be available for testing in v1.36.0 soon:

• iOS
• Android

[amake]

Support for symmetrically encrypted sections is now available on all platforms in v1.36.1.

I'm debating whether it's worthwhile to support asymmetric encryption and full-file encryption.

[amake]

I'm leaning toward not bothering with full-file encryption. I started a poll about symmetric vs. asymmetric: https://mastodon.social/@amake/111700198262236731

[amake]

From discussion on Mastodon I understood that using OpenKeychain would have important advantages:

• I don't have to worry about securely storing the private keys because OpenKeychain handles that for me
• It also apparently supports NFC cards (like Yubikeys?)

Those are nice advantages, but there are some significant issues:

• OpenKeychain is not under active development and seems essentially abandoned
• It is not compatible with Android 14 https://github.com/open-keychain/open-keychain/issues/2836
• Supposedly there are unaddressed vulnerabilities https://github.com/open-keychain/open-keychain/issues/2856
• It appears that you communicate with OpenKeychain via intents, so I assume any encryption/decryption would have to be done async. Ideally I want to do things synchronously.
• The lack of an equivalent for iOS is a deal-breaker for Orgro

[amake]

iPGMail offers an API for usage similar to OpenKeychain's intents: https://ipgmail.com/developers/

[amake]

The OpenKeychain API appears to be this: https://github.com/open-keychain/openpgp-api