[HOWTO] Enable PGP/MIME encryption with K-9 Mail and OpenKeychain

After installing eel 0.5-201902073130 found a new default application, so started looking for some tutorials about the app.

Screen-shot copied from: https://pixelprivacy.com/resources/encrypt-your-emails/



GPG Tutorial


Simple beginners tutorial:


To enable PGP/MIME encryption, you need the K-9 Mail app and OpenKeychain, both available

Follow the steps below:

Step #1 - Install the OpenKeychain app.

Step #2 - Select “Keys” and then select “Create My Key” to generate your PGP key.

Step #3 - Next, install the K-9 Mail application. Walk through the simple installation steps of the app and set up an email account.

Step #4 - Once the app is installed on your Android device, go to Menu -> Settings -> Account Settings.

Step #5 - Locate and click on the “Cryptography” button, then click “OpenPGP.”

Step #6 - Then, select “OpenKeychain,” which you’ve just installed.

Now you’re ready to send and receive encrypted email messages in K-9 Mail.

Note: remember that, when using PGP/MIME encryption, you’ll need the public encryption key of the recipient. So, you can encrypt the message with their public key and they can decrypt it with their private key.

This means that the other party also needs to use PGP encryption, otherwise it’s not possible.

If they want to send encrypted email messages to you, they’ll need to encrypt it using your public key, so you can decrypt it with your private key.


I suggest opening a place in the /e/ for this topic - it is way too complex for a simple howTo -
a few reasons / thoughts - whoever ended up here at /e/ because he/she cares about their privacy needs to find the best answers for email encryption - and unfortunately this whole topic is universes away from being trivial, e.g.
we see more and more recent discussions about “web-of-trust” is a failed concept - impacting cacert.org and PGP - some say it cannot / will not survive as it is now - keyservers being attacked - I’m not involved in these discussions but as /e/ targets to reach non-geek persons we should have some recommendations here - and incorporate new developments as they may come up.
Next is this non-sustainable inflations of self-key creation - at least there are some good descriptions which start with explaining what a keyring is, why there are identity, signing and encryption keys etc - that is useful - unfortunately if you follow these instructions and make a keyring for daily use which limits the impact if the device or keyring got lost - then the troubles with openkeychain begin - there is a solution - but a wiki would be a good place to explain how and why.
Then S/MIME - the other way to protect your emails - which to me is essential if /e/ should also attract enterprise users - the certificate handling is completely different - free offers to get a cert disappeared from the market - and even if they come back one day - non-geek users need to understand why the cert authority then should NOT create my private key - and how to do this the secure way -
so all in all lots of stuff which would justify a wiki section IMHO
And last but not least - should /e/ just be a bystander or could we - the /e/ community - take a more active part here (knowing that resources are limited) to solve a few things here e.g. missing S/MIME support in K9 or help issuing trusted certificates

I am using PGP since some 20 years on my desktop, while being quite unwilling to have mails on my phone.

If I came to use it mobile, there would be the necessity to import my keys instead of creating new ones, and even all the keys of communication partners from the desktop.
Any hints on this one?

OpenKeychain has a nice import function. Just open the app (it is included in /e/ by default) and try it (+ Button in the lower right).
