I’m not sure I understand why Protonmail forked the Go crypto library here. Did they fork the entire thing and make substantial changes/updates throughout, or did they just make changes to the PGP implementation available in Go/crypto?
Go/crypto already implements elliptic curve cryptography[1], so I’m curious which specific elliptic curve primitives (or algorithms) they added to their fork.
Are there any feature complete PGP/GPG libraries that target iOS? I use the Pass password manager, and it has a wonderful 3rd-party app for iOS, but the PGP implementation it uses (ObjectivePGP) is bizarrely licensed. All the other GPG implementations I am aware of have licenses that preclude their use on iOS.
Not a lawyer, but I assume because the GPL v3 requires that other people be able to modify the program and redistribute their modified versions. Since Apple are the sole gatekeepers of anyone’s ability to distribute iOS apps to users, complying with the license is problematic.
I think GPL at any version would be a problem with the app store. LGPL too.
IANAL, but my understanding is GPL means any distribution has to come with source upon reasonable request. Apple doesn't have source and thus can't comply with that, and shouldn't distribute the binaries.
LGPL I believe says that the LGPL portion has to user-replaceable. Seems incompatible with code signing enforcement and static linking.
Now, I think a lot of people are probably breaking the letter and spirit of these licenses and publishing to the app store anyway.
Edit: after googling around, it seems this was a popular conversation topic around 2011, and the part being discussed was mostly Apple's TOS rather than above points about the license.
Go/crypto already implements elliptic curve cryptography[1], so I’m curious which specific elliptic curve primitives (or algorithms) they added to their fork.
________
1. https://golang.org/pkg/crypto/