Adventures in Porting: GnuPG 2.1.x to Android!


PGP started with Phil Zimmerman’s Pretty Good Privacy, which is now turned into an open IETF standard known as OpenPGP. These days, the reference OpenPGP platform seems to be GnuPG: its used by Debian and all its derivatives in the OS itself for verifying packages and more. It is also at the core of all Debian development work, allowing the very diffuse body of Debian, Ubuntu, etc developers to communicate and share work effectively while maintaining a high level of security. It is also used for email encryption in Thunderbird + Enigmail, Apple Mail + GPGMail, GNOME Evolution, KDE KMail, Microsoft Outlook + Gpg4win.

lots of one and zeros

Yes, encryption means lots of ones and zeros that you can't read!

After actively using GnuPG for a few years, I thought it would be a good idea and not too difficult to port it to Android. I dove in and started with the code from git since I was hoping to involve the GnuPG developers. I had recently seen that they were stopping development on the 1.4.x branch, so the 2.1.x branch seemed like the logical choice to give us a reasonably complete OpenPGP implementation. Now I am happy to say we have it working on Android, with a couple of loose ends to tie up in order to get everything working.

One thing I do have to say is that GnuPG has evolved into a large and elaborate project that not only covers OpenPGP, but also PGP/MIME and things that have nothing to do with PGP like AES symmetric encryption and S/MIME email cryptography. That means it know is made up of many moving parts. It uses many libraries: libassuan, libgpg-error, libksba, npth, openldap, pinentry, and more if you want. It is also made up of a handful of programs to handle different aspects: gpg is the command line interface, gpg-agent seems to be the central key handler and task broker, dirmngr manages connections with directories like OpenPGP keyservers, pinentry handles getting passphrases from the user, etc.

The complexity does not stop there for our purposes: we need a Java API so we can make an Android app. So next up we built the GPGME (Gnu Privacy Guard Made Easy) library to provide a C/C++ API which is then wrapped in gpgme-for-java, a JNI library to make the GPGME functions available in Java. And just to heap on the layers, we are making a GUI on top of all that so that when you use it, you have no idea that all these little pieces that I have just described are even there at all.

You can follow our progress on this work on our PSST wiki: https://guardianproject.info/wiki/PSST

_(coming soon: sketching a mobile UI for OpenPGP, follow our notes here: https://guardianproject.info/wiki/GnuPrivacyGuard_for_Android)_