OpenKeychain and Cotech

OpenKeychain is now maintained by Cotech.


OpenKeychain is the most widely used OpenPGP implementation on Android. With OpenKeychain you can easily generate new key pairs and manage the public keys of your contacts. Its great integration with K-9 Mail provides a user-friendly way to send PGP/MIME emails. Beyond that, you can perform cryptographic operations, such as signature generation and encryption, manually in OpenKeychain.

My favorite feature is the support for security tokens. Personally, I use a YubiKey 4C Nano to securely store my private key. It is much easier to handle OpenPGP on multiple devices when the private key is bound to a small external device. Before using this security token, it was a hassle to use OpenPGP on new devices, e.g., when the private key had to be transferred securely to a new laptop.

With open source software, it is hard to earn money by maintaining a project, especially when maintaining GPLv3-licensed software. One of its freedoms requires you to ship the source code to everyone who uses the software. This may not be desirable if the technology stack is also to be integrated into commercial products. A possible way around this has been successfully demonstrated by the Signal protocol: it was developed as part of the Signal app, which is GPLv3-licensed, but is also included in commercial products, such as WhatsApp or Google Allo. This was made possible by dual-licensing the core components. We follow a similar dual-licensing strategy for OpenKeychain, so we asked all contributors to sign a Contributor License Agreement (CLA). This allows us to build commercial products out of OpenKeychain without the restrictions of the GPLv3.

We believe in open source software and that its openness is a key requirement. The technology used must be verifiable by external parties. This is why we will always provide an open source version of OpenKeychain.