Tracking issue for RFC 1195: Migrate away from OpenKeychain

[msfjarvis]

This is the tracking issue for the implementation of RFC #1195

Steps

• Introduce alternate PGP backend based on Gopenpgp (Add initial implementation of Gopenpgp-backed PGP #1441)
• Replace Gopenpgp with PGPainless (Switch new PGP backend to use PGPainless #1522)
• Implement a key management interface
  • Allow listing keys by type (public/private)
  • Allow deleting keys
• Implement key import step in onboarding to allow users to pick a key to initialize repositories with
• Implement passphrase caching (ref OpenKeychain)
• Offer a migration path to OpenKeychain users to import keys exported from OpenKeychain into APS
• Remove OpenKeychain support completely

Unresolved questions

• How will we handle migration? Do we attempt to automate this in any fashion or simply write documentation for users to follow? We will not
• What constitutes feature parity?
• Do we release another major version when we drop OpenKeychain? We're dropping it straight away

[daraul]

Do we release another major version when we drop OpenKeychain?

I would say yes. This is a fairly major change.

How will we handle migration? Do we attempt to automate this in any fashion or simply write documentation for users to follow?

I would prefer the migration be automatic, but concise documentation on the process would be welcome either way.

[msfjarvis]

Do we release another major version when we drop OpenKeychain?

I would say yes. This is a fairly major change.

Agreed.

How will we handle migration? Do we attempt to automate this in any fashion or simply write documentation for users to follow?

I would prefer the migration be automatic, but concise documentation on the process would be welcome either way.

I haven't thought a lot about how this migration would happen, considering the fact that OpenKeychain encrypts the exported keys but I do think it'd be nice to be able to handle it on-device. Will have to investigate this down the line.

[msfjarvis]

Passing note, we definitely wanna do passphrase caching. Doing it securely might be a challenge but dear god users will chew me out if I make them enter their passphrase every single time.

[malte-v]

I assume support for hardware OpenPGP keys needs to be implemented by us, then? It looks like PGPainless doesn't support this kind of functionality.

[msfjarvis]

I assume support for hardware OpenPGP keys needs to be implemented by us, then? It looks like PGPainless doesn't support this kind of functionality.

That is correct.

[Myridium]

Thanks all for your work. I rely on this application.

[msfjarvis]

Status update

• PGPainless backend now supports importing keys
• Decryption now takes the password from the user rather than hard-code it into the app
• You can opt into the PGPainless backend through a settings option

Next steps

• Make encrypt/decrypt use the key from .gpg-id instead of attempting all keys
• Reimplement error handling to surface them to the UI rather than crash the app

[malte-v]

For hardware security key support, I think this might be of use: https://github.com/cotechde/hwsecurity
It's GPL3 licensed, pure Java and thoroughly documented at https://hwsecurity.dev/.