mirror of git://git.qorg11.net/kill9.git
Add guide for PGP on Android
setting up OpenKeychain and K-9
parent
b0991959a0
commit
07dd0e64fb
Binary file not shown.
After Width: | Height: | Size: 73 KiB |
Binary file not shown.
After Width: | Height: | Size: 70 KiB |
|
@ -431,7 +431,52 @@ garbage
|
|||
5. Send your public key to your contacts
|
||||
6. Tell your friends to do the same
|
||||
|
||||
# pgp in android
|
||||
|
||||
TODO
|
||||
# PGP on Android
|
||||
## Before we begin
|
||||
Phones are generally less secure than computer, you have less insight in what
|
||||
is running on it. Evaluate the risk before exporting your private keys to your
|
||||
phone. Mitigations include:
|
||||
|
||||
* generating your key with a password.
|
||||
* generating your key with an expiration date.
|
||||
|
||||
Remember, if you do not have a password protected key, anyone who can access
|
||||
your filesystem now potentially has your private key and can impersonate you.
|
||||
|
||||
## Exporting keys
|
||||
To make it easy to clean up afterwards we will start by changing directory into
|
||||
a temporary one. Run `cd $(mktemp -d)` to make and cd into a new subdirectory
|
||||
of /tmp. First run `gpg --list-secret-keys` to list all keys. Find which one
|
||||
you want to export and then run `gpg --export-secret-keys FINGERPRINT > mykey`
|
||||
You can also use an email address instead of a fingerprint, but if you have
|
||||
multiple keys linkted to that address it will export all of them.
|
||||
|
||||
You must now transfer the key to your phone. You can use something like
|
||||
syncthing, but I would recommend just mounting your phone over USB or using
|
||||
ADB. If you must use syncthing I would turn off relaying, if you are very
|
||||
paranoid. I recommend putting your key in a directory named something like PGP.
|
||||
For ADB run `adb shell 'mkdir /sdcard/PGP' && adb push mykey /sdcard/PGP`.
|
||||
|
||||
## Installing keys
|
||||
You must now install an OpenPGP app. I use OpenKeychain, [you can find it on
|
||||
F-Droid](https://f-droid.org/packages/org.sufficientlysecure.keychain). Tap
|
||||
'Import key from file', then import it. That's basically it! Finally you must
|
||||
enable support in apps, I will show K-9 mail as that is my preffered email
|
||||
client on mobile.
|
||||
![Screenshot of OpenkeyChain](openkeychain-import.png)
|
||||
|
||||
## K-9
|
||||
![Screenshot of K-9 asking to enable an OpenPGP app](k9-missing-key.png)
|
||||
Oh look, qorg sent me an email, but I can't read it! No problem: I will just
|
||||
tap the Open Settings promt, tap the Enable switch and go back. Then you will
|
||||
be promted twice. **Read the propmt** and click allow, if you want to allow.
|
||||
And now I can read his email! Future email encrypted to the private key we
|
||||
added in OpenKeychain will now be decrypted.
|
||||
|
||||
## Cleaning up
|
||||
Remove the temporary directory we created earlier with `mktemp -d`. Rebooting
|
||||
your computer should also do this. As the key is now imported into
|
||||
OpenKeychain, you should also delete /sdcard/PGP/mykey, or just the entire
|
||||
directory.
|
||||
|
||||
|
|
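Review bot: In "Exporting keys", `adb shell 'mkdir /sdcard/PGP' && adb push mykey /sdcard/PGP` never reaches the push when /sdcard/PGP already exists (for example on a second run), because with a current adb the failed `mkdir` exit status is passed back and `&&` skips `adb push`; `mkdir -p` avoids that. In the same section, `cd $(mktemp -d)` does not record the directory's path, so "Cleaning up" has nothing concrete to remove, and the claim that rebooting removes it only holds where /tmp is cleared at boot. I would store the path, e.g. `dir=$(mktemp -d) && cd "$dir"`, and give the explicit `rm -r "$dir"` in "Cleaning up", along with the matching command for deleting /sdcard/PGP on the phone. In the K-9 section, "encrypted to the private key" should read "public key", since mail is encrypted to the public key and decrypted with the private one. Smaller points: "linkted", "preffered", "promt", "promted" and "propmt" are misspelled, "than computer" should be "than computers", and the sentence ending in `> mykey` is missing its full stop.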