Add guide for PGP on Android

setting up OpenKeychain and K-9
jole 2021-10-08 15:06:52 +02:00 committed by qorg11
parent b0991959a0
commit 07dd0e64fb
No known key found for this signature in database
GPG Key ID: 343FC20A4ACA62B9
3 changed files with 47 additions and 2 deletions

BIN
guides/k9-missing-key.png Normal file

Binary file not shown.

Size: 73 KiB

Binary file not shown.

Size: 70 KiB


@ -431,7 +431,52 @@ garbage
5. Send your public key to your contacts
6. Tell your friends to do the same
# pgp in android
TODO
# PGP on Android
## Before we begin
Phones are generally less secure than computer, you have less insight in what
is running on it. Evaluate the risk before exporting your private keys to your
phone. Mitigations include:
* generating your key with a password.
* generating your key with an expiration date.
Remember, if you do not have a password protected key, anyone who can access
your filesystem now potentially has your private key and can impersonate you.
## Exporting keys
To make it easy to clean up afterwards we will start by changing directory into
a temporary one. Run `cd $(mktemp -d)` to make and cd into a new subdirectory
of /tmp. First run `gpg --list-secret-keys` to list all keys. Find which one
you want to export and then run `gpg --export-secret-keys FINGERPRINT > mykey`
You can also use an email address instead of a fingerprint, but if you have
multiple keys linkted to that address it will export all of them.
You must now transfer the key to your phone. You can use something like
syncthing, but I would recommend just mounting your phone over USB or using
ADB. If you must use syncthing I would turn off relaying, if you are very
paranoid. I recommend putting your key in a directory named something like PGP.
For ADB run `adb shell 'mkdir /sdcard/PGP' && adb push mykey /sdcard/PGP`.
## Installing keys
You must now install an OpenPGP app. I use OpenKeychain, [you can find it on
F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain). Tap
'Import key from file', then import it. That's basically it! Finally you must
enable support in apps, I will show K-9 mail as that is my preffered email
client on mobile.
![Screenshot of OpenkeyChain](openkeychain-import.png)
## K-9
![Screenshot of K-9 asking to enable an OpenPGP app](k9-missing-key.png)
Oh look, qorg sent me an email, but I can't read it! No problem: I will just
tap the Open Settings promt, tap the Enable switch and go back. Then you will
be promted twice. **Read the propmt** and click allow, if you want to allow.
And now I can read his email! Future email encrypted to the private key we
added in OpenKeychain will now be decrypted.
## Cleaning up
Remove the temporary directory we created earlier with `mktemp -d`. Rebooting
your computer should also do this. As the key is now imported into
OpenKeychain, you should also delete /sdcard/PGP/mykey, or just the entire
directory.
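
Review bot: The "Cleaning up" section cannot be followed as written, because "Exporting keys" runs `cd $(mktemp -d)` without recording the directory name, and "Rebooting your computer should also do this" only holds on systems that clear /tmp at boot. Suggest storing the path in a variable in the export step and giving the exact removal command in "Cleaning up", so that the unencrypted-at-rest export file `mykey` is deleted deliberately rather than left to the next reboot. In the same spirit, "Exporting keys" pushes the key to /sdcard/PGP, which is shared storage that other apps with storage access can read; until the file is deleted, the key is protected only by its password, so the warning in "Before we begin" about keys without a password deserves a pointer from the transfer step, and the deletion of /sdcard/PGP/mykey should be stated as a required step right after the import rather than only at the end. The email-address variant of `gpg --export-secret-keys` is described as exporting every matching key; it would help to say that the fingerprint form is the recommended one for that reason. Spelling to fix before merge: "less secure than computer", "linkted", "preffered", "promt", "promted", "propmt", and "OpenkeyChain" in the image alt text.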