petmos
commented
7 years ago It would be great to support existing PGP keys. On Android side for example OpenKeyChain. Because when there exists a PGP key for my email address why create a new one?
Closed r10s closed 7 years ago
petmos
commented
7 years ago It would be great to support existing PGP keys. On Android side for example OpenKeyChain. Because when there exists a PGP key for my email address why create a new one?
r10s
commented
7 years ago If is planned to let the user import existent keys. This is also needed to support multiple devices.
andreygursky
commented
7 years ago There is already a command line program for e2e encryption using a state-of-the-art algorithm (Double Ratchet, used in Axolotl/Signal/Olm/OMEMO protocols): https://github.com/xmikos/pyxolotl. It dumps messages ready to be sent per E-Mail. Now Messanger-Android is an application able to communicate/chat over E-Mail but seeking for an encryption algorithm. Would be great to combine them. Signal (previously Axolotl) is a GPLv3 C library (with an exception for Apple Store) and Olm is an Apache C++ library being rewritten in C.
BTW, what is a difference of this issue to https://github.com/r10s/messenger-backend/issues/4? The Double Ratchet can also be setup for group chats.
P.S. Be careful using GitHub for crypto: Olm: explain export compliance...
r10s
commented
7 years ago Well, currently, I'm stuck in the documentations, GPG/PGP seems to be very hard to implement because of the masses of libraries required ... PEP is based upon GPGME which is based upon GnuPG which is based upon libcrypt - with the additional extra-problem, that GnuPG is no library but an app itself - please correct me, if I'm wrong.
Isn't there an easier way?
My requirements would be:
Binding would be to libEtPan.
The other idea - as also mentioned in this thread - is, not to use GPG/PGP but eg. the Signal Protocol (formally known as Axolotl), resp. its enhancements as OMEMO. However, here I am not sure, if this really works in our situation - possibly multiple clients, decentralised server we have no access for adding any line of protocol-specific code.
Any help on this issue is welcome.
Asteroid74
commented
7 years ago I am not a developer nor affiliated with the PeP project but following their development now already since some time. Their project aims to implement pgp as easy as possible. Thfough their adapters it should not be to difficult to implement encryption into the delta chat app.
You might want to get in contact with them as they seem happy to help other open source projects.
r10s
commented
7 years ago Well, but PEP seems still to require an external program (GnuPG) to be called. This makes things difficult. But I am not sure about this point.
shanavas786
commented
7 years ago Android Password Store uses external application to provide encryption. Not sure if it suites here.
QuibblingAsh42
commented
7 years ago You could also look at K-9 mail as it's both open source, and can leverage OpenPGP or OpenKeyChain if installed on the device. Betting you could probably borrow a lot of what you need from there.
r10s
commented
7 years ago 
kskarthik
commented
7 years ago Its time to roll out some fresh meat for us 😀 A beta version
r10s
commented
7 years ago I'll post a new version to F-Droid just these hours, however, it will take a few days until it is available there.
QuibblingAsh42
commented
7 years ago Wow, that's quite the turnaround, thank you! I cannot wait until the new version drops!
rickcrash
commented
7 years ago Yes indeed, me too. Thank you for your work. As soon encryption works, it's time to spread delta :))
In addition to the transport encryption provided by the E-Mail-providers, we should add a End-To-End-Encryption (E2EE), if possible, compatibe to the PGP-system used by other clients - but far easier to use, the encryption should be done without any configuration or things to be done by the user