GPG on Android

Juergen Bruckner juergen at
Mon Nov 5 12:32:08 CET 2018

Hi Werner

I know its not the perfect setup, but it is practicable for me, and as i
usually just work with subkeys i feel on a more safe side with this.
Tokens are always a good idea, and if anyone can use them its
recommended to do it that way.

There are good reasons why GPG supports Tokens/Cards by default ;)

best regards

Am 05.11.18 um 10:41 schrieb Werner Koch:
> On Sun,  4 Nov 2018 23:20, juergen at said:
>> I for myself did configure MailDroid that way, that for each
>> crypto-operation, decrypt, sign, encrypt I have to enter my passwort
>> each time.
> That does not help.  A bugged phone will for sure employ a keylogger and
> thus you can also work without a passphrase.  To protect your key you
> need to move the key to a separate hardware device (aka token).  This
> may not help to protect you messages but at least you token must be close
> to the device so that an attacker can make use of your keys.
> Shalom-Salam,
>    Werner

Juergen M. Bruckner
juergen at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3894 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the Gnupg-users mailing list