
Encryption and Security

In this chapter we will look at installing an additional app called APG, which allows us to use K-9 to send and receive encrypted emails. We will also cover some basic options to help you use email more securely.

About email encryption

Before explaining the process for setting up APG and K-9, it is useful to know a little about email encryption using PGP technology. OpenPGP (GPG) is an open source approach to encryption. Since the PRISM release of information, it has become accepted that open source solutions offer the best chance of privacy, as they are unlikely to have any 'backdoors' which allow access by security contractors.

The process requires you to use 2 sets of keys to read and send emails. Both the sender and the receiver of an email need a private/secret key and a public key to be able to correspond.

You can see that in order to send an encrypted mail you will need the public key of the person you are sending to, and vice versa.

It is really easy to fake the sender of an email. PGP is also used to sign emails. This ensures that the email is really sent by the person that signs it. There is more background information about the process here.

Installing and using APG to encrypt your email in K-9

Follow a similar procedure to installing K-9 to install the APG app from the Play store or F-droid.

After you have checked that the App Permissions are ok, click Accept.

 

If you want to find out more about Android apps and security there are many resources available on the Internet. As a basic rule apps should not ask for more permissions than they need to do their job.

Because APG and K-9 are open source applications, their source code is available for their users to check. We may not be able to understand it, but other users can. This means that it is very unlikely to contain anything harmful or risky to use.

Creating your PGP key pair

Start the APG app. You will see a welcome message that suggests that you install K-9 if you haven't already, along with some other tips. Click OK.

To get started, click on the More Actions menu key or the Menu button if your phone has one.

Next we need to create a key. You may have one already, but if not, select Manage Secret Keys.


Select the More Actions menu again and then click on the Create Key option. You will see options to Import and Export keys there as well. If you get stuck you may want to use another application to generate a key (like the Thunderbird email app) and import it in this way.

 

The following screen gives you an option to create a key. You should normally add a pass phrase, a password that gives additional protection to the process. 

Click on Set Pass Phrase and enter a chosen password twice.

Click OK.

Add a User ID by clicking on the + next to User Id and entering a name and email.



You can now create a key by clicking on the + next to Keys.

 

It is suggested that you keep the default setting of RSA but double the suggested 1024 to 2048. 

You now get the option to set an expiry date for your key and to choose how you will use the key. Choose Sign and Encrypt.


Now click on Save. This should complete the process of creating your key pair (public and secret keys). You should see your new key in the list of secret keys.

 

If you browse to manage your public keys then you will see your new key there as well. This is very important as you will need to send this key to people you want to receive encrypted emails from.

Exchanging Public Keys

Let's exchange public keys with someone to try out the process. If you want to try this you can send an email with your public key to encryptedenigma@aktivix.org.

First export your key by selecting Export keys from your options in Manage Public Keys.

Choose a place to save the exported key, which is a text file.

Send this public key to one of your contacts who uses PGP and ask them to send you an encrypted email.

Sending Encrypted Email

Keeping track of all these keys can be hard. To make it easier there are key servers where you can upload your own key and download other people's keys.

From the options menu of the main screen of APG select Key Server.

Enter the email of the contact you want to send an email to and select Search.

If the key is on the key server it will return a result.

The number to the right of the result is called your Key ID. It's a quick way of checking you are using the right key.

Once you have downloaded or imported the key of your contact you will be able to send them an email in K-9 easily.

When you compose a new message, simply put a tick in the Encrypt box, which you can see now that you have APG installed.

Remember you can only encrypt email to people for whom you have the public PGP key.

To sign your email select the Sign box and then choose the key you want to use to sign this email.

 

Current limitations of encryption in K-9

As you can see K-9 uses the external tool APG to do the encryption of emails. There are some current limitations of this process. 

No encryption of attachments or email mime

The encryption process currently only works with the text inside your email message. This is called inline encryption. Other email clients also allow you to encrypt attachments to your email but this is not possible currently with K-9 / APG.

As well as attaching and encrypting documents, this process of encrypting attachments is also used to send encrypted email and attachments together as the gpg/mime type. Without going into the technical details, this is now the preferred way to encrypt your mail if your client supports it.
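The difference between the two layouts can be seen in the structure of the message itself. The following is an added example, not code from K-9 or APG: it classifies a raw message as inline or MIME-encrypted and lists attachments left outside the encryption. It assumes the MIME form follows the standard multipart/encrypted layout of RFC 3156; the sample messages and the file name figures.txt are constructed.

```python
from email import message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

ARMOR = "-----BEGIN PGP MESSAGE-----"
# Constructed placeholder body: armor markers only, not real ciphertext.
FAKE_CIPHERTEXT = ARMOR + "\n\n(placeholder)\n-----END PGP MESSAGE-----\n"

def classify(raw):
    """Return (scheme, attachments left outside the encryption)."""
    msg = message_from_string(raw)
    # MIME form (RFC 3156): body and attachments travel together inside
    # one encrypted part, wrapped in multipart/encrypted.
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return "pgp/mime", []
    scheme, exposed = "none", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        armored = ARMOR.encode() in data
        if part.get_filename():
            # Inline encryption covers only the message text, so a file
            # attached alongside it is an ordinary readable MIME part.
            # (Binary, non-armored OpenPGP files are not recognised here.)
            if not armored:
                exposed.append(part.get_filename())
        elif part.get_content_type() == "text/plain" and armored:
            scheme = "inline"
    return scheme, exposed

def build_inline():
    """Constructed sample: armored text body plus an ordinary attachment."""
    msg = MIMEMultipart("mixed")
    msg.attach(MIMEText(FAKE_CIPHERTEXT))
    att = MIMEApplication(b"quarterly figures")
    att.add_header("Content-Disposition", "attachment", filename="figures.txt")
    msg.attach(att)
    return msg.as_string()

def build_pgp_mime():
    """Constructed sample with the RFC 3156 two-part layout."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted"))
    msg.attach(MIMEApplication(FAKE_CIPHERTEXT.encode()))
    return msg.as_string()
```

A result of "inline" with a non-empty attachment list is the case described above: the text is protected but the attached file is not.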

Because this is a frequently requested feature it is very likely that this will be possible soon. Certainly the Guardian project are working in this area to create a GnuPG client for Android and will want to make sure their project works with K-9. 

 
