ePGP extension for mobile
Olav Seyfarth
olav at enigmail.net
Tue Dec 31 02:56:00 CET 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hi Edwin,
> The question is about data-in-motion (email). "Is there a way to extend the
> deployment to cater for emails sent from mobile devices (running Android
> and iOS OSes)?"
I am sure you did a search before you posted this, didn't you?
It should have revealed at least these:
ANDROID
AFAIK K9/Kaiten + APG was the first OpenPGP Mail solution for Android:
https://play.google.com/store/apps/details?id=com.fsck.k9
https://play.google.com/store/apps/details?id=com.kaitenmail
https://play.google.com/store/apps/details?id=org.thialfihar.android.apg
There also is a fully integrated app; its UI is not as smooth as Kaiten yet:
https://play.google.com/store/apps/details?id=at.rundquadrat.android.r2mail2
A standalone GnuPG implementation (e.g. for key management or own solutions):
https://play.google.com/store/apps/details?id=info.guardianproject.gpg
IOS
I don't own/use Apple phones, so I cannot rate these apps, please test yourself:
https://itunes.apple.com/de/app/opengp/id414003727
https://itunes.apple.com/de/app/ipgmail/id430780873
<OT>
I cannot tell the quality of those apps in respect of robustness against attacks
or about the qualification of their developers. If you use these apps, you
effectively trust them blindly. I'm not telling you shouldn't (I also use them).
But taking into account that implementing a crypto system is the "hard part" and
most past practical attacks against crypto systems only were only feasible due
to weak programming or system engineering (and not the crypto itself, which most
probably is used by these apps in form of libraries), it's worth thinking about.
Well, but what's the alternative? Bying something from RSA? *smirk*
Although I hold a dregree in computer scince, I am not a programmer and cannot
peer review these apps. But I feel this would be necessary and maybe someone on
the list already reviewed or is willing to one or another app source. Would be
interesting to hear about. Concering this list: is that too off-topic?
Due to the nature of device roaming, on mobile devices other questions arise,
too. At least think about device authentication, encrypted storage (device/app),
and whether want to use/store the same secret key (or use different (sub)keys).
</OT>
Olav
- --
The Enigmail Project - OpenPGP Email Security For Mozilla Applications
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/
iQGcBAEBAwAGBQJSwiQgAAoJEKGX32tq4e9WsLEL/0LmTMZ8+obDRgfUuVqBpM7t
Lc7FOkar/ibJvdTW5/O2O40cIwRFzVnIQE1nZ3H5eyVEJ7eCdb/Ofub+30kcCV5O
q/a2mYOUfrabIcxsNX9Lf3RcUEczigoQnTKG9f5m6qY70DE/G9toE5cfUmP+E2QG
H0cHTYqSc4TN67CioiSHNgn0EMTVuTxHNz9MsnOLWrF3GrV8YiqUuRf7DvkZ9kiv
Uf/xSR0yMi/7QnZ+TviYyXShYpLcggeKjS5/lUREEJhRNGBprUmd8smeZFOSvxbm
iNI1XEjpuaeqGbdJWJnodZ28/n7Wrd7dA4WWQQFfGzlvMvt+GSoZlKKYrJMpJ8uI
Ke7l523BAIPgXEbd9wh6sUBW2h7DUoDXBmmA+rD+iIxbFaL/2n2NIH30m/pRJ8H+
qaeN4CJYNdLhwWN7Fo4wudmjouYsB0w4im965opc0AfsL5ItQuC1voRbFxLigcAn
Gk+a4vzDankDwl5OpSTrWHNJD2jkc4C/MJQ43+6m6Q==
=xIXi
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list