Using OpenPGP on the iPhone

Just the other day, I was testing the OpenPGP email encryption system with a reader and he asked me a darn good question: how can he get this to work on his iPhone? Surprisingly, while I have thought about it in the past, I never actively looked for a solution. If you don’t know what OpenPGP is, then you have no idea what you’re missing out on! Of course, I also have to consider whether or not you care about encrypting your email for total secrecy in the first place. If you have no need for email encryption, then obviously you wouldn’t really care about OpenPGP. If on the other hand you do have a need for trading secure emails, then you would be wise to read up on my past article, which talks a whole lot more about this subject and how you can set it up for yourself.

In today’s society, you don’t have to slave away in front of your computer just to be able to send an email. Smart phones, MP3 players and tablets all allow you to perform this function. The problem with OpenPGP is that most companies don’t really adopt the standard and bake it into their operating system by default. You generally have to rely on third party tools to get the function. This kind of makes sense, as OpenPGP isn’t really all that popular with casual users and introducing it in the system would add more complexity and unnecessary confusion. With the iPhone being as popular as it is today, I’m sure many OpenPGP users (especially the corporate type) will want a way to add that capability to their smart phone as well, to take advantage of email encryption no matter where they are and, I might add, without having to lug around their laptop. Well, I am happy to say that this is now possible with a brilliant app called IPGMail!

IPGMail

As I said above, OpenPGP, while pretty popular with users who need email encryption, is still not famous enough in the casual marketplace. Why? Because most users either don’t have a need for email encryption or they think that their emails are secured by default and nothing needs to be done. The problem this presents is from a support perspective. A quick search for “openpgp” within Apple’s app store returns about 4 different apps. One of them seems free until you read the user reviews and figure out that you have to pay $1.99 for both the encryption and decryption feature! Another app costs a whopping $49.99. From user reviews, it seems the app does a very good job at handling OpenPGP emails, but at that price it will spook away all but the most hardcore of users. Luckily however, another app caught my attention. That app is called IPGMail and it costs a mere $1.99. For that price, it can handle both email encryption and decryption. There are no other hidden costs and user reviews seem very positive. Upon heading to the official app website, I got more information about the app, such as its extra features and functions and how the app generally works overall.

You can find more information about IPGMail from here. To purchase IPGMail, head over to iTunes.

Once you understand how the OpenPGP standard works, you’ll realize that there are really only a couple of necessary functions it needs to perform. These include generating a key pair for a user, importing other users’ public keys, encrypting/decrypting emails and signing/verifying a signature. Once an app gets these functions incorporated, the rest is just extras. The key question many may have is the usability portion. On the iPhone, I’m assuming you are using the default Mail app. Although I’m not a developer or programmer, I’m willing to say that Apple doesn’t really allow third parties to tamper with that app. They may allow other apps to interact with the Mail app, but actually customizing the Mail app itself (such as baking in an OpenPGP feature built by other developers) is off limits. A jailbreak may allow some developers access though again, I’m not sure. The point is, how do we use IPGMail if it’s not baked into the default Mail app on the iPhone?!

Importing Your Private Key

Here are the pics from the app in its default state. You can see the five sections that correlate to the different functions of the app:

[Screenshots: Empty Keys, Empty Compose, Empty Decode, Empty Files, Default Settings]

First things first. I need to import my private/public key pair for my email here at AnotherWindowsBlog. The good news with IPGMail is that you can actually create your own key pair right within the app itself. If you’ve already invested time in OpenPGP, then I’m sure you already have your own key pair generated. This holds true for me, so I’m going to perform an import of my private key instead (which also imports my public key). IPGMail gives us a couple of options for this procedure. We can import our keys via Dropbox integration, email or iTunes. I will choose the latter. With the key pair imported, I head to the Files section, click on the imported private/public key pair and select the Decode option. From there, I type in my ultra secret passphrase. With that completed, my private key and public key now show up in their respective sections under the Keys section.

[Screenshots: Create New Key, iTunes Import, Imported, Private Key Passphrase, Private Key]

Decrypt Email Messages

Alright, so now that we have our private key imported into IPGMail, it’s time to decode some emails! For this, I have a dummy account of jsmith808@gmail.com. I’ve done all the background work. Both my account and the dummy account have each other’s public key so that encoded emails can be sent to one another. I have also imported the dummy account’s public key into IPGMail. Again, I can do this via Dropbox, plain ol’ email or iTunes.

First, I will send an encrypted and signed message from the dummy account to my main email account (anotherwindowsblog@gmail.com). Below, you can see that I’ve opened the email via the default Mail app on my iPhone and as expected, the message is in its encrypted form and unreadable.

[Screenshot: Encrypted Email]

So, in order to decrypt this email and verify that it did indeed come from John, I now need to use IPGMail on my iPhone. The one thing I need to do is copy the entire PGP message to the clipboard. For that, I simply highlight the message, hit Select All and hit the Copy button. Within IPGMail, I head over to the Decode section and simply hit the Import button at the top left corner. Because the message is in the clipboard, the app will take it and import it. If you’ve done everything correctly, you will be prompted for the passphrase to unlock your private key because it is needed to decrypt the message. If entered correctly, IPGMail will decrypt the email and save it as a plain text file. If the sender also chose to sign the email, IPGMail will also indicate that the signature is verified by highlighting the sender’s email in green with a check mark next to it.

[Screenshots: Decrypted and Verified, Plaintext, File Action, Decrypted Email]
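The copy step above only works if the whole armored block, from the BEGIN line through the END line, reaches the clipboard. As an added example (not from the original post or from IPGMail), this Python code pulls the block out of pasted text and checks the CRC-24 line defined by the OpenPGP armor format; the function names and the sample email are constructed for illustration.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # values from RFC 4880, section 6.1
BLOCK = re.compile(
    r"-----BEGIN PGP MESSAGE-----\r?\n(.*?)-----END PGP MESSAGE-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 over the binary data, as used by the armor checksum line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    """Build an armored block; only used here to construct sample input."""
    b64 = base64.b64encode(data).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "", *lines,
                      "=" + check, "-----END PGP MESSAGE-----"])

def extract_message(clipboard: str) -> bytes:
    """Return the binary OpenPGP data in pasted text, or raise ValueError."""
    match = BLOCK.search(clipboard)
    if not match:
        raise ValueError("BEGIN or END line missing: copy was incomplete")
    lines = [ln.strip() for ln in match.group(1).splitlines()]
    if "" in lines:  # armor headers such as "Version:" end at a blank line
        lines = lines[lines.index("") + 1:]
    lines = [ln for ln in lines if ln]
    checksum = lines.pop() if lines and lines[-1].startswith("=") else None
    data = base64.b64decode("".join(lines), validate=True)
    if checksum is not None:  # the checksum line is optional in the format
        if crc24(data) != int.from_bytes(base64.b64decode(checksum[1:]), "big"):
            raise ValueError("CRC-24 mismatch: text was altered or cut")
    return data

def is_complete(clipboard: str) -> bool:
    """True when the pasted text holds one intact armored message."""
    try:
        extract_message(clipboard)
        return True
    except ValueError:
        return False

# Constructed sample: 200 arbitrary bytes stand in for real OpenPGP packets.
PAYLOAD = bytes(range(200))
EMAIL = "Hi Simon,\n\n" + armor(PAYLOAD) + "\n\nSent from my iPhone"

if __name__ == "__main__":
    print(is_complete(EMAIL))                             # whole message copied
    print(is_complete(EMAIL[:EMAIL.index("-----END")]))   # selection stopped early
    print(is_complete(EMAIL.replace("AAEC", "BAEC", 1)))  # one character changed
```

A passing check only shows that the armor arrived intact; whether the message really came from the sender is established by the signature verification IPGMail performs after decryption.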

As you can see, everything works as expected. The only true hassle when decrypting emails is that you first have to copy over the encrypted email message from the Mail app. However, it shouldn’t be that big a deal once you use the app for a week or two. The one problem is what to do with your decrypted email in IPGMail. As you can see above, the email I decrypted is stored as a plaintext file. As the developer states on his website, it is up to the user to decide what to do with that file. If the user deems that the email poses no security risk, they can choose to leave the email in its unencrypted form. If the email is confidential but no longer needed after it has been read, the user can simply delete the decoded email. If they need to read the message again, they will have to repeat the process of decrypting the email. If however the email is confidential and needs to be saved, then the user can choose to encrypt the plaintext file with their own public key and then simply delete the plaintext copy. Whenever the message needs to be reread, the user is prompted for the passphrase to unlock their private key, which in turn decrypts the message again to plaintext. The bad news for some is that they will need to delete the unencrypted email again each and every time they decode it to maintain the utmost privacy.

Encrypting Email Messages

Luckily, IPGMail allows us to send encrypted and signed email messages right within the app itself, sort of. We simply head to the Compose section. By default, IPGMail will both encrypt and sign the message. You can however choose to do just one or the other. Remember, encryption uses the recipient’s public key and scrambles the message so that it is virtually unreadable to anyone but the private key owner. When you sign an email, you use your own private key. By itself, signing an email does NOT encrypt the contents of the message. It only allows the recipient to verify that you have indeed sent the message (since you are the only person in the world who possesses your own private key) by checking the signature with your public key.

Once you hit the send button, IPGMail will encrypt the message into an encrypted.pgp file and launch the default Mail app with the file attached. But that encrypted file looks like trouble. That’s not what we want in most cases. Depending on the recipient and how they read their encrypted email messages, sending your encrypted email via an attached .pgp file might not be the best way to go. Instead, what I will do is enable an option within IPGMail to place the actual encrypted message (the random gibberish of characters and numbers) within the email body rather than in an attachment. In the Settings menu, I will enable the “PGP in Email Body” option. Once that is done, my composed email will look more like a standard encrypted email, as you can see below in the third picture.

[Screenshots: Compose, Mail Send, PGP in Body]

In the second and third picture, simply ignore the blurred text and replace it with my main email address.

Now let’s head over to my test dummy account. I’ve configured it to use Thunderbird along with the Enigmail extension, which I’m sure many other users out there are using as well to take advantage of OpenPGP. As you can see, the recipient (John, my dummy account) decoded the message with no issues at all. The message was also verified as having been signed by Simon (me) and all is good. This proves that everything works as expected with IPGMail!

[Screenshots: Recipient Decode, Recipient Verify]

Extras

IPGMail does come with some extra settings which I’ll take a look at here:

Attach PubKey: This is a very good option to enable if you communicate with a lot of people with whom you’ve never communicated before. Chances are your close friends and associates will already have your public key. For those people you’ve just met, this option automatically attaches your public key to the email so that the recipient can immediately extract it and import it to their keyring. However, I would personally just attach my public key on a manual basis rather than on every single email I send out.

Enable App PIN Protection: It is my belief that every security app should incorporate this feature. By requiring a PIN to enter the IPGMail app on your iPhone, you can choose to leave the plaintext files on your phone instead of having to re-encrypt them every time. Preferably, you would choose a PIN that is different from your iPhone unlock PIN! This way, even if you give your phone to your friends for temporary use, they won’t be able to get inside IPGMail to read your confidential emails. However, do beware that if someone should steal your phone, they can easily extract the plaintext files, so again, it is up to you how you want to protect your data.

PGP in Email Body: This option I went over earlier. Some OpenPGP email clients and extensions might not be able to read the attached PGP file or, if they can, require manual adjustment on the recipient’s behalf. However, if your other friends send you a PGP email in the attached form, you can actually click on the PGP attachment within the default Mail app on your iPhone and choose to open it in IPGMail. This saves you the hassle of having to copy the entire message first. Personally, I would recommend enabling this option to make life easier for the recipient!

Enable Dropbox: This is a pretty big feature. By enabling this feature, you allow IPGMail access to your Dropbox account. This allows you to store encrypted messages in your Dropbox account. Another usage scenario would be to upload a recipient’s public key to Dropbox and then download it back into IPGMail for import. The other neat feature of OpenPGP is that it is not limited to just email encryption. You can actually use your key pair to encrypt actual data! With Dropbox support enabled, you can do just that within IPGMail!

Enable iCloud: I don’t use iCloud so I can’t say for sure what this feature can do but I’m guessing it allows integration with Apple’s iCloud services.

Default Mode: By default, IPGMail chooses to both encrypt and sign your emails when composed. You can change the default from here. Of course, you can also choose at the time you compose your email within the Compose section as well.

Password Cache Timeout: This configurable time limit allows you to set the amount of time (max is 1 hour) that IPGMail will cache your passphrase. Of course, the longer the time limit, the less secure it will be. However, you will see fewer passphrase prompts when decrypting/signing emails.

In the End…

I have nothing but high praise for IPGMail. I want to applaud the developer for taking the time to make this app and to continuously improve upon it. After reading some reviews of the app in iTunes, I found that many users have also praised the developer for being prompt with support and incorporating requested features. If you are already using the OpenPGP system, then you should already know what it’s all about. Being able to securely trade emails between party members gives a level of confidence that no one but the intended recipients is able to decrypt them for consumption. If in the past you thought that you had to be on your computer to be able to decrypt and encrypt email messages with OpenPGP, then you should seriously give IPGMail a try. For $1.99, it is definitely not a wallet breaker when you look at the other app that charges you $49.99! From a usability standpoint, I’m guessing it won’t take you long before you get used to how things are done within IPGMail. I can see how some users will balk at how you need to actually copy the PGP email message first before being able to read it. However, unless you are receiving an encrypted email every other second throughout the day, I don’t think this will be a problem for the majority of users.

With that being said, I personally think that if you’re heavily invested in OpenPGP whether for your private or business email account, this $1.99 app will be one of the best investments you’ll make in a while. It’s just so darn convenient!


Comments

  1. TPDevelop says:

    Nice Article!

  2. Canary Wolf says:

    How do I use the same private/personal key on both my iPad and my iPhone? I have this app installed on both. Am I able to use both, or will one override the other? Also, if someone has my password / email could they not add my account to their file and send messages as if they were me?

    • Hello Canary Wolf. I’m glad for your interest in using OpenPGP to secure your emails. With the IPGMail app, you can actually import your private key pair. In my article, I actually did just that by importing my key pair in iTunes. You can also use other methods to import your key pair such as via email or Dropbox. I don’t have an iPhone anymore and so I don’t use this app as a result. I’m not sure if the developer has added even more ways for you to import your keys into the app or not.

      I’m a little confused as to your other question. In order for someone to actually impersonate you with OpenPGP, they would need to use your private key to digitally sign the email. However, in order for them to do this, they would need to know the password that unlocks your private key. What they will be able to do is use your email account to send email messages to other recipients claiming to be you. This is no different than if someone hacked into another person’s email account. It has nothing to do with OpenPGP. They will also not be able to read encrypted emails sent to you because they also need to unlock your private key.

      With OpenPGP, the idea of non-repudiation means you can prove that someone has indeed sent that email and no one else, because they have signed the message with their private key which only they should be in possession of. That is why it is extremely important that you never, ever use a weak password to protect your private key. I hope it never even comes to that point though so please also use a strong password to log in to your email account. DO NOT USE THE SAME PASSWORD TO PROTECT YOUR PRIVATE KEY!

      Let me know if you have other questions.

  3. Will this work on iPad? Thanks

  4. Thank you so much. Your description was exactly what I was looking for and is still helpful one year later. Most important I was wondering whether IPGMail would be able to send and receive mail (the answers being yes (through Mail-App) and no) other than copy-paste.

  5. Robert Williams says:

    Thank you for this very impressive web site.
    I want to learn how to use PGP. I have many questions and need to practice. The problem I’m having is finding others with whom to exchange messages!

    • Hello Robert. Welcome to the very heart of the problem where OpenPGP is concerned! The system itself is brilliant but getting others to buy in to it is a different story. Although the concepts are very simple once a person takes the time to understand it, getting them to change their email habits is going to be very, very difficult. A user who has spent years and years using Gmail and Hotmail is not going to like the change to using a desktop email client such as Thunderbird or even Outlook. Anyways, I’m glad you have the passion to learn PGP. Feel free to email me personally if you need a test partner or if you have other questions!

  6. Hi,

    Thank you for your blog post, very interesting!

    I’ve got a problem. I generated a new key pair on my iPhone and would like to use the same key pair in Thunderbird (mail client). How is it possible to “export” the key pair?

    Many thanks
    Thomas

    • @Thomas – Next time, submit your question to http://ipgmail.com/support

      The answer is simple, click on the view of your PRIVATE key, select your key, click the “action” button (arrow in upper right) and it will give you the option to export to a file. After it exports, you can move the file from the iPhone to your computer using the iTunes file sharing method described here: http://ipgmail.com/guide

  7. Thanks for the nice writeup! I will add a link back to your article on the website.

    -Will
    @ipgmail
