2011-01-03 // GnuPG on Android with APG and K-9 Mail

I'm using a separate¹⁾ email address for my Android 2.2 based mobile phone. This makes it possible for close friends and my family to write me when I'm on the road. For free and without the need for crappy SMS phone GUIs. Additionally, it is very handy to mail yourself a grocery list or a quick note before leaving the house. However: All unencrypted²⁾ mails for your phone are clear for the telco provider and others to see. But there are comfortable applications to change this.

Quick and superficial guide about the needed actions:

1. Install the needed applications on your phone (click on the app names for QR Codes containing an Android Market search query):
   • Android Privacy Guard (APG)
   • K-9 Mail
   • Astro File Manager (optional but recommended)
2. Generate a new key pair for your phone. IMHO, it is a bad idea to place your main private key on an unencrypted mobile device. The risk of theft/loosing it is too high. I created the new key pair on my PC (even it would be possible on Android) because I prefer some kind of key hierarchy and a keyboard makes the creation more comfortable. Additionally, it is not a bad idea to have a backup copy of the new key on your PC.
3. Export you new key pair into .asc files:

   gpg -ao ~/privkey.asc --export-secret-key KEY-ID
   gpg -ao ~/pubkey.asc --export KEY-ID

   If you don't like the terminal, use Enigmail or another GPG GUI for the export. It is also a good idea to export the public keys of the persons you want to write encrypted mails from your phone. Even APG provides the possibility to use keyservers, it makes no fun to search and import dozens of keys using that way.

4. Copy the .asc files on your phone (e.g. via USB), the location does not matter (you can delete these files after the import was done).
5. On your phone:
   1. Open APG→click Menu button→“Manage Public Keys”. The screen changes→click Menu button→“Import Key”. The program is asking where the .asc file containing your public key to import is located. Click on the file browser icon and run the action with “ASTRO”. Browse to the file and click on it. Check “Delete After Import” and click OK.
   2. Open APG→click Menu button→“Manage Private Keys”. The screen changes→click Menu button→“Import Key”. The program is asking where the .asc file to containing your private key to import is located. Click on the file browser icon and run the action with “ASTRO”. Browse to the file and click on it. Check “Delete After Import” and click OK.
   3. Open K-9-Mail→click Menu button→“More”→“Accounts”. The sceen changes→Click and hold on your account→“Advanced”→Cryptography→Select “APG” as the OpenPGP Provider. And check “Auto-sign” if it makes sense for you.

That's all. But you should know that K-9 Mail brings no support for PGP/MIME right now. This means you have to tell your friends to write Inline-PGP encoded mails, not PGP/MIME mails. But this should be default in most environments. If not: Enigmail provides a non-global select box for this setting at the “Per-Recipient Rules” menu.