GnuPG 2.2.20 under Termux (Android) ...

Szczepan Zalega | Nitrokey szczepan at
Mon Apr 27 15:55:09 CEST 2020

On 4/27/20 3:15 PM, Stefan Claas wrote:
> maybe interesting for some of you.
> I just noticed that, after installing Golang under Termux
> that Termux has also GnuPG already installed.
> Would people recommend using pure GnuPG on a smartphone,
> compared to a (compromised?) PC?
> I ask, because I have not read yet what attacks (remotely)
> are possible with smartphones, to obtain the secret keys.
> Any pointers to articles would be very welcome!


I would not keep the secrets on the mobile, but rather offload the
computation to a simple device and communicate via USB/NFC. Reason is
that this is a complicated communication device, which has a big attack
Here is a fresh remote code exploitation done over Bluetooth for Android
8/9 [1]. Fix was released in February 2020 as far as I see.
In the past there were some issues with the WiFi as well AFAIR.


Best regards,

More information about the Gnupg-users mailing list