GnuPrivacyGuard for Android

From Guardian Project Wiki

Contents 1 Features we plan to support 2 Optional Features 3 Third Party Code / Libs 4 Current development progress 5 GnuPG Extensions 6 TODO

Features we plan to support

Overview of Needed Activities

• a collection of Activities for seamless integration with other apps
  • act transparently via Intents and returned data
  • only pop UI if user-action is needed (password, choose key, etc)
  • sign/validate emails
  • encrypt/decrypt emails
  • sign/validate files
  • encrypt/decrypt files
  • show trust level
  • generate private key first time
  • sign OpenPGP keys to certify their validity

A list of gnupg features roughly grouped by potential Activity screen:

• private key view
  • assume single private key
  • should detailed info on scrollable page
  • include QRCode of fingerprint?
  • publish public key with sigs to keyserver

• key manager view
  • list of public keys
  • view sigs, trust level, etc.
  • select key to sign, etc.
  • sync local keyring with keyservers

• public key view
  • view certification signatures for any key
  • option to sign this key

• signing activity
  • QR code display/scanning for keysigning exchanges
  • display randomart image of fingerprint for keysigning exchanges
  • allow easy QR scanning
  • lsign (local-only unexportable) OpenPGP keys
  • publish certification signatures to keyservers
  • email certification signatures to key owner

• searching and downloading keys
  • if no key in keyring, prompt to search for key
  • preference to automatically search for less privacy concerned users
  • search/download public keys from keyservers

• contacts integration
  • what does Google sync from custom fields?
  • show key verification status
  • show trust level
  • clickable link into GPG for signing, detail view

• handling revokation keys
  • automatically generate when generating new private key
  • offer options for remote storage of revokation certificate
  • easy way to copy revoke key to offline storage

• importing keys
  • import public keys from SD card
  • DO NOT import secret keys from SD card, since its public (use our webdav secure store)

Optional Features

• display Photo ID images embedded in OpenPGP keys
• tor proxy support for non-root Tor

• trust path view
  • generate trust path between private key and current user
• social graph view aka web of trust degrees

Third Party Code / Libs

• Java binding for GPGME: [1]
• GnuPG Wrapper for Java: [2]

Current development progress

• core Android porting complete
• most fixes contributed upstream
• automated builds: https://build.safermobile.org/job/gnupg-for-android/
• all features that don't require passwords work
  • downloading keys from keyservers
  • signature validation
  • encryption to keys
  • listing keys
  • searching for keys
  • fingerprints
• gpgme builds for Android

GnuPG Extensions

From devrandom:

Would be nice if GPG supported scrypt with configurable number of iterations as a key derivation function. The existing KDFs are pretty weak. Improved KDFs are very important in mobile. Since it's hard to enter long passwords on smartphones, a good KDF is needed to mitigate (increase attack effort). Use of scrypt gets you a factor of 10,000 in attack difficulty, which is equivalent to 3-4 extra password chars.

TODO

• get DNS working for talking to keyservers
• write pinentry Android UI element for password entry
• debug gpgme native library
• implement GUI
• contribute all fixes upstream to GnuPG