gpgme and Java
Hans-Christoph Steiner
hans at guardianproject.info
Mon Mar 9 20:01:40 CET 2015
Werner Koch:
> On Wed, 4 Mar 2015 00:57, hans at guardianproject.info said:
>
>> thread at this point. The bizarre Java wrapper of GPGME was not the
>> biggest part of the problem of the GnuPG-for-Android port, but it was
>> nonetheless a real problem. Sure it is possible to use GPGME with
>
> You mean Stefan's decade old Java binding? Well, there was not much
> interest in it for years and if there is now a need for a proper Java
> binding, it should be done.
I guess you forget that we worked a lot on it, ported it to GnuPG 2.1 and
recent GPGME versions, and added features. There have been some other
projects starting to use our version as well.
https://github.com/guardianproject/gnupg-for-java
>> Java, but it is not good, and ill-fitting APIs make for bad software,
>> which in turn often leads to bad security. It also took a lot of
>
> Please describe the problems you have with the API so that we actually
> have something to talk about.
Its been a long while since I was working on the guts of this, so the details
escape me. I can only say now what I remember without digging into the code
again. One thing that is very clear to me: we spent a ton of time figuring
out how to debug on Android, then actually running the debugging processes.
That would have been drastically easier if we had been working with pure Java
code that talked to the GnuPG processes. The Android tools are all about
Java. And having all those layers of code wrapping code makes debugging also
much harder.
Another thing I remember clearly is that I had to first thing about
implementing new features in JNI, then in Java. There are also a lot of times
where data structures should be passed between Java and JNI, and that is
generally a painful process in JNI. A pure Java interface to the GnuPG
processes would totally eliminate that.
At this point, I've done a lot of various things on Android, including running
native processes, and JNI code. Working with a Java wrapper of GPGME made
implementing things take many more hours, probably like 3-4 times as much, as
I would expect from more native Android development.
.hc
--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
More information about the Gnupg-users
mailing list