GPG on Android

Juergen Bruckner juergen at bruckner.tk
Mon Nov 5 12:32:08 CET 2018


Hi Werner

I know its not the perfect setup, but it is practicable for me, and as i
usually just work with subkeys i feel on a more safe side with this.
Tokens are always a good idea, and if anyone can use them its
recommended to do it that way.

There are good reasons why GPG supports Tokens/Cards by default ;)

best regards
Juergen

Am 05.11.18 um 10:41 schrieb Werner Koch:
> On Sun,  4 Nov 2018 23:20, juergen at bruckner.tk said:
> 
>> I for myself did configure MailDroid that way, that for each
>> crypto-operation, decrypt, sign, encrypt I have to enter my passwort
>> each time.
> 
> That does not help.  A bugged phone will for sure employ a keylogger and
> thus you can also work without a passphrase.  To protect your key you
> need to move the key to a separate hardware device (aka token).  This
> may not help to protect you messages but at least you token must be close
> to the device so that an attacker can make use of your keys.
> 
> 
> Shalom-Salam,
> 
>    Werner
> 
> 

-- 
Juergen M. Bruckner
juergen at bruckner.tk

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3894 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20181105/30b91ad4/attachment.bin>


More information about the Gnupg-users mailing list