thunderbird / thunderbird-android

Thunderbird for Android – Open Source Email App for Android (fka K-9 Mail)
https://thunderbird.net/
Apache License 2.0
10.05k stars 2.47k forks

Replace OpenKeychain with GOpenPGP or similar #5662

Open rishubn opened 3 years ago

rishubn commented 3 years ago

Is your feature request related to a problem? Please describe.

OpenKeychain is no longer actively maintained. Eventually it would make sense to move to another PGP implementation (preferably library based) such as gopenpgp.

Android Pass Store is doing something similar.

Other than refactoring existing code, the biggest hurdle would be the effort required to create a GUI for the lost features provided by OpenKeychain.

What are your thoughts on this?

xandro0777 commented 2 years ago

Wondering if PGPainless could be used - Android Pass Store goes this way. It is pure Java, so it has some advantages over using Go.

https://github.com/pgpainless/pgpainless
https://github.com/android-password-store/Android-Password-Store/pull/1522

wiktor-k commented 2 years ago

I'd also recommend PGPainless. It's not only Android Pass Store that uses it but ltt.rs too. It seems the author used OpenKeychain for their previous project (Conversations.im) but later migrated to PGPainless.

Although the API would change so this is not an easy solution...

CoelacanthusHex commented 2 years ago

@ShellWen forked openkeychain and actively maintains it. https://github.com/ShellWen/open-keychain-reborn

ShellWen commented 2 years ago

> @ShellWen forked openkeychain and actively maintains it. https://github.com/ShellWen/open-keychain-reborn

And also, I will add lots of features as you want to. 😜

vanitasvitae commented 2 years ago

Author of PGPainless here, I'd love to assist, should you decide to give PGPainless a try :)

ddevault commented 8 months ago

Mostly useless comment to add here, but K-9 with OpenKeychain is going to slowly stop being able to deal with new encrypted emails as AEAD is rolled out into GnuPG. AEAD-encrypted emails (the GnuPG default since 2.3) cannot be decrypted with OpenKeychain.

vanitasvitae commented 8 months ago

For completeness/context: GnuPG decided to diverge from the OpenPGP protocol by rolling their own, nonstandard flavor of OpenPGP called LibrePGP.

Bouncycastle will probably implement the "official" AEAD flavor in the coming months, though this does not solve the problem of OpenKeychain being EOL.

For now, most Linux distributions patch GnuPG, reverting the AEAD changes to maintain compatibility with the ecosystem.
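The incompatibility described in the two comments above comes down to which encrypted-data packet a message carries. As an added example (not from this thread or from any project named in it), the Python code below walks the packet headers of a binary, de-armored OpenPGP message and reports the container: packet 18 version 1 (RFC 4880), packet 18 version 2 (RFC 9580), or packet 20 (the LibrePGP OCB packet that GnuPG 2.3+ writes). Function names, return labels and sample bytes are constructed for illustration.

```python
# Added example (not Thunderbird or OpenKeychain code): report which encryption
# container a binary (de-armored) OpenPGP message uses.
SED, SEIPD, OCB_ED = 9, 18, 20

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None if not definite."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    n = 1 << ltype                                    # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def classify(message):
    """Walk the packet sequence up to the first encrypted-data packet."""
    pos = 0
    try:
        while pos < len(message):
            tag, body, length = read_header(message, pos)
            if tag == OCB_ED:
                return "librepgp-ocb"      # packet 20, what GnuPG 2.3+ AEAD emits
            if tag == SEIPD:               # packet 18: first body octet is the version
                return {1: "seipd-v1", 2: "seipd-v2"}.get(message[body], "seipd-unknown")
            if tag == SED:
                return "sed-no-integrity"  # packet 9, legacy, no MDC
            if length is None:
                return "no-encrypted-data" # streamed body that is not an encryption container
            pos = body + length            # skip PKESK/SKESK and anything else
    except (IndexError, ValueError):
        return "malformed"
    return "no-encrypted-data"

# Constructed sample bytes (headers only, no real ciphertext or keys).
OLD_PKESK = bytes([0x84, 0x02, 0x03, 0x00])           # old-format tag 1, 2-byte body
GNUPG_AEAD = OLD_PKESK + bytes([0xD4, 0x04, 0x01, 0x09, 0x02, 0x10])
CLASSIC = OLD_PKESK + bytes([0xD2, 0xE0, 0x01])       # tag 18, partial length, v1
RFC9580 = bytes([0xC1, 0x01, 0x06, 0xD2, 0x02, 0x02, 0x00])

if __name__ == "__main__":
    for name, msg in [("gnupg-aead", GNUPG_AEAD), ("classic", CLASSIC), ("rfc9580", RFC9580)]:
        print(name, "->", classify(msg))
```

A mail client or help desk can run a check like this on a message that fails to decrypt to tell an unsupported container apart from a wrong key or a corrupted message.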

xandro0777 commented 8 months ago

After Autocrypt/OpenKeychain doing a lot of damage, the next improvement from Germany? I am afraid the feature could be dropped altogether. The trust that was there when Snowden used it is gone.