In case you use OpenPGP on a smartphone ...

bereska bereska at hotmail.com
Mon Aug 10 17:05:19 CEST 2020


Dear Chiraag,

I've been thinking of a similar setup with my GPG keys on a smart card
to encrypt/decrypt data on my android phone.
Could be more specific about your setup?

thank you
Dmitry

On 10.08.2020 17:27, ಚಿರಾಗ್ ನಟರಾಜ್ via Gnupg-users wrote:
> 10/08/20 09:07 ನಲ್ಲಿ, Stefan Claas <sac at 300baud.de> ಬರೆದರು:
>>
>> Matthias Apitz wrote:
>>
>>> El día domingo, agosto 09, 2020 a las 10:06:13p. m. +0200, Stefan Claas escribió:
>>>
>>>>> This article showed up today, when I did a Google search again:
>>>>>
>>>>> <https://tech.firstlook.media/how-to-defend-against-pegasus-nso-group-s-sophisticated-spyware>
>>>>>
>>>>> Trustworthy source.
>>>>
>>>> Mmmhhh, it is getting 'better and better' for smartphone users.
>>>>
>>>> https://www.androidauthority.com/government-tracking-apps-1145989/
>>>>
>>>
>>> One can use a Linux mobile phone running UBports.com (as I and all my family do)
>>> or the upcoming Puri.sm L5 (as I pre-ordered in October 2017).
>>
>> Yes, people gave me already (not from here of course) good advise for other OSs
>> which one can use. The question is how long will those OSs been unaffected ...
>>
>>> Stop whining, stand up and fight and protect yourself.
>>
>> I am not whining ... I only wanted to let the people know. Also very
>> interesting that only one person in this thread replied, besides you ...
> 
> I was wary of storing my private GPG keys on my phone (if only because of theft/loss/etc), so I set up my keys on a Yubikey and use that to decrypt stuff on my phone. From what I understand, even if they were to obtain secrets decrypted by the Yubikey or exfiltrate private files, they would not be able to actually decrypt them given that the key resides on the Yubikey (if the private key were on the phone itself, they'd "just" have to crack the passphrase or whatever, which would presumably be much easier...).
> 
> Just another way to mitigate the risk of stuff like this.
> 
> Sincerely,
> 
> Chiraag
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20200810/5115eecb/attachment-0001.sig>


More information about the Gnupg-users mailing list