Today we would like to introduce you to GnuPG encryption on Android for FairEmail and within mail on iOS. Before we do this I'd like to mention you can use TutaNota or ProtonMail (sadly on Android you won't get push notifications, as the app relays on Google Services) which both offer email encryption out of the box.
But let's talk about hosting your own domain and using an email program to do so.
Let's even pretend you use a Nitrokey and have your keys on the Nitrokey (we will have in our Desktop Chapter an introduction on Nitrockey and how to set it up securely on Linux or Mac).
What do you need for this (Android) solution?
- Android Phone with USB OTG capability
- USB OTG Cable
- Your Key (you can generate it on your computer or on the smartphone itself)
- And an email client FairEmail
Open the OpenKeychain app and connect the Nitrokey, Now import your Key from your storage location. After import you can check within the OpenKeychain app if it all checks out and it shows your working key.
If you don't have a Key or a Nitrokey you can generate a Key on your device using OpenKeychain.
Nitrokey is just an additional layer of protection.
NB: you can upload the public key or share it with everyone in your contact list, remember only share the public key, never share the private one!
If you receive an encrypted email on FairEmail you will see the email is marked with a red lock. You need to click on the attachment to open the encrypted email and select open with OpenKeychain. You will be asked to enter your PIN (from the Nitrokey) and will then be able to read the email.
You can now send and receive encrypted emails, if you use a Nitrokey you need to connect the Nitrockey to your cellphone every time you want to encrypt or decrypt an email. This is the separate secure layer we mentioned when you use a Nitrokey.
Once again, if you don't have a Nitrokey but have created a public and private key within the OpenKeychain app, this works the same way except there is nothing to attach and no PIN requested. If you create an PGP key on your desktop you can encrypt it with a password which will be asked for every time you open an encrypted mail. The Nitrokey is, as mentioned, an separate secure layer as your private key is stored on the physical device and not your phone.
On iOS there is an similar app called iPGMail
Open the app, import your PGP Key (public and private), click on settings, chose PGP in Email Body (this way your have the entire text in the actual email, if you don't click this then the email will be sent as an encrypted attachment, which works also perfectly well)
Within the app you have Compose, write your emails in there and send your encrypted email. Simple as that it will be sent via your mail app which comes pre-installed on your iOS device.
NB: you need to have a working key and to upload it to the iPGMail app, as the app won't generate a new key for you.
Don't worry if you do not have a PGP key yet, we'll have you covered in chapter 6 on how to generate one and store it safely, plus how to import it to your Android or iOS phone. We strongly recommend generating your key on Linux and not on your Android phone, iOS don't have a solution to generate it anyway.
See you guys soon with section 5.8, the last in this Chapter of the Privacy Cookbook, where we once again look at 'degooglifying' your world.
Always remember, privacy is a human right and we all have nothing to share, unless we chose to share it!