Just the other day, I was testing the OpenPGP email encryption system with a reader, and he asked me a darn good question: how can he get this to work on his iPhone? Surprisingly, while I have thought about it in the past, I never actively looked for a solution. If you don’t know what OpenPGP is, then you have no idea what you’re missing out on! Of course, I also have to consider whether or not you care about encrypting your email for total secrecy in the first place. If you have no need for email encryption, then obviously you wouldn’t really care about OpenPGP. If on the other hand you do have a need for trading secure emails, then you would be wise to read up on my past article, which talks a whole lot more about this subject and how you can set it up for yourself.
In today’s society, you don’t have to slave away in front of your computer just to be able to send an email. Smartphones, MP3 players and tablets all allow you to perform this function. The problem with OpenPGP is that most companies don’t really adopt the standard and bake it into their operating system by default. You generally have to rely on third-party tools to get the function. This kind of makes sense, as OpenPGP isn’t really all that popular with casual users and introducing it in the system would add more complexity and unnecessary confusion. With the iPhone being as popular as it is today, I’m sure many OpenPGP users (especially corporate types) will want a way to add that capability to their smartphone as well, to take advantage of email encryption no matter where they are and, I might add, without having to lug around their laptop. Well, I am happy to say that this is now possible with a brilliant app called IPGMail!
As I said above, OpenPGP, while pretty popular with users who need email encryption, is still not famous enough in the casual marketplace. Why? Because most users either don’t have a need for email encryption or they think that their emails are secured by default and nothing needs to be done. The problem this presents is from a support perspective. A quick search for “openpgp” within Apple’s App Store returns about 4 different apps. One of them seems free until you read the user reviews and figure out that you have to pay $1.99 for both the encryption and decryption feature! Another app costs a whopping $49.99. From user reviews, it seems the app does a very good job at handling OpenPGP emails, but that price will spook away all but the most hardcore of users. Luckily, however, another app caught my attention. That app is called IPGMail and it costs a mere $1.99. For that price, it can handle both email encryption and decryption. There are no other hidden costs and user reviews seem very positive. Upon heading to their official app website, I got more information about the app, such as its extra features, functions and how the app generally works overall. You can find more information about IPGMail from here. To purchase IPGMail, head over to iTunes.
Once you understand how the OpenPGP standard works, you’ll realize that there are really only a couple of necessary functions it needs to perform. These include generating a key pair for a user, importing other users’ public keys, encrypting/decrypting emails and signing/verifying a signature. Once an app gets these functions incorporated, the rest is just extras. The key question many may have is the usability portion. On the iPhone, I’m assuming you are using the default Mail app. Although I’m not a developer or programmer, I’m willing to say that Apple doesn’t really allow third parties to tamper with that app. They may allow other apps to interact with the Mail app, but actually customizing the Mail app itself (such as baking in an OpenPGP feature built by other developers) is off limits. A jailbreak may allow some developers access, though again, I’m not sure. The point is, how do we use IPGMail if it’s not baked into the default Mail app on the iPhone?!
Importing Your Private Key
Here are the pics from the app in its default state. You can see the five sections that correlate to the different functions of the app:
First things first. I need to import my private/public key pair for my email here at AnotherWindowsBlog. The good news with IPGMail is that you can actually create your own key pair right within the app itself. If you’ve already invested time in OpenPGP, then I’m sure you already have your own key pair generated. This holds true for me, so I’m going to perform an import of my private key instead (which also imports my public key). IPGMail gives us a couple of options for this procedure. We can import our keys via Dropbox integration, email or iTunes. I will choose the latter. With the key pair imported, I head to the Files section, click on the imported private/public key pair and select the Decode option. From there, I type in my ultra secret passphrase. With that completed, my private key and public key now show up in their respective sections under the Keys section.
Decrypt Email Messages
Alright, so now that we have our private key imported into IPGMail, it’s time to decode some emails! For this, I have a dummy account of email@example.com. I’ve done all the background work. Both my account and the dummy account have each other’s public key so that encoded emails can be sent to one another. I have also imported the dummy account’s public key into IPGMail. Again, I can do this via Dropbox, plain ol’ email or iTunes.
First, I will send an encrypted and signed message from the dummy account to my main email account (firstname.lastname@example.org). Below, you can see that I’ve opened the email via the default Mail app on my iPhone and, as expected, the message is in its encrypted form and unreadable.
So, in order to decrypt and verify that this email did indeed come from John, I now need to use IPGMail on my iPhone. The one thing I need to do is copy the entire PGP message to the clipboard. For that, I simply highlight the message, hit Select All and hit the Copy button. Within IPGMail, I head over to the Decode section and simply hit the Import button at the top left corner. Because the message is in the clipboard, the app will take it and import it. If you’ve done everything correctly, you will be prompted for the passphrase to unlock your private key, because it is needed to decrypt the message. If entered correctly, IPGMail will decrypt the email and save it as a plain text file. If the sender also chose to sign the email, IPGMail will also indicate that the signature is verified by highlighting the sender’s email in green with a check mark next to it.
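To show why the entire block has to be copied, here is an added example (not part of the original walkthrough and not IPGMail’s code) that checks whether pasted text holds a complete ASCII-armored PGP message by locating the BEGIN/END lines and verifying the armor’s CRC-24 checksum from RFC 4880. The function names and the sample mail are made up for illustration, the payload is arbitrary bytes rather than a real encrypted message, and the check assumes the armor carries its checksum line.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Wrap bytes in ASCII armor; used here only to build the sample input."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *lines, "=" + check, END])

def check_clipboard(text: str) -> str:
    """Return 'ok' or the reason the copied text is not a complete armored message."""
    text = text.replace("\r\n", "\n")
    start = text.find(BEGIN)
    if start < 0:
        return "no BEGIN line"
    end = text.find(END, start)
    if end < 0:
        return "no END line"
    # Armor headers (if any) are separated from the data by one blank line.
    _, sep, body = text[start + len(BEGIN):end].partition("\n\n")
    lines = [ln.strip() for ln in body.split("\n") if ln.strip()]
    if not sep or len(lines) < 2 or not lines[-1].startswith("="):
        return "malformed armor body"
    try:
        data = base64.b64decode("".join(lines[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(lines[-1][1:], validate=True), "big")
    except binascii.Error:
        return "invalid base64"
    return "ok" if crc24(data) == expected else "CRC-24 mismatch"

# Constructed sample: 100 arbitrary bytes, not a real OpenPGP packet.
MAIL = "Hi Simon,\n\n" + armor(bytes(range(100))) + "\n\nSent from my iPhone\n"
print(check_clipboard(MAIL))
```

This only confirms that the copied armor is intact; it does not decrypt anything or verify a signature.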
Encrypting Email Messages
Luckily, IPGMail allows us to send encrypted and signed email messages right within the app itself, sort of. We simply head to the Compose section. By default, IPGMail will both encrypt and sign the message. You can, however, choose to do just one or the other. Remember, encryption uses the recipient’s public key and scrambles the message so that it is virtually unreadable to anyone but the private key owner. When you sign an email, you use your own private key. By itself, signing an email does NOT encrypt the contents of the message. It only allows the recipient to verify that you have indeed sent the message (since you are the only person in the world who possesses your own private key) by checking the signature against your public key. Once you hit the send button, IPGMail will encrypt the message into an encrypted.pgp file and launch the default Mail app with the file attached. But that encrypted file looks like trouble. That’s not what we want in most cases. Depending on the recipient and how they read their encrypted email messages, sending your encrypted email via an attached .pgp file might not be the best way to go. Instead, what I will do is enable an option within IPGMail to place the actual encrypted message (the random gibberish of characters and numbers) within the email body rather than in an attachment. In the Settings menu, I will enable the “PGP in Email Body” option. Once that is done, my composed email will look more like a standard encrypted email, as you can see below in the third picture. In the second and third picture, simply ignore the blurred text and replace it with my main email address.
Now let’s head over to my test dummy account. I’ve configured it to use Thunderbird along with the Enigmail extension, which I’m sure many other users out there are using as well to take advantage of OpenPGP. As you can see, the recipient (John, my dummy account) decoded the message with no issues at all. The message was also verified as having been signed by Simon (me) and all is good. This proves that everything works as expected with IPGMail!
IPGMail does come with some extra settings which I’ll take a look at here:
Attach PubKey: This is a very good option to enable if you communicate with a lot of people with whom you’ve never communicated before. Chances are your close friends and associates will already have your public key. For those people you’ve just met, this option automatically attaches your public key to the email so that the recipient can immediately extract it and import it into their keyring. However, I would just personally attach my public key on a manual basis rather than on every single email I send out.
Enable App PIN Protection: It is my belief that every security app should incorporate this feature. By requiring a PIN to enter the IPGMail app on your iPhone, you can choose to leave the plaintext files on your phone instead of having to re-encrypt them every time. Preferably, you would choose a PIN that is different from your iPhone unlock PIN! This way, even if you give your phone to your friends for temporary use, they won’t be able to get inside IPGMail to read your confidential emails. However, do beware that if someone should steal your phone, they can easily extract the plaintext files, so again, it is up to you how you want to protect your data.
PGP in Email Body: This option I’ve gone over earlier. Some OpenPGP email clients and extensions might not be able to read the attached PGP file or, if they can, require manual adjustment on the recipient’s behalf. However, if your other friends send you a PGP email in the attached form, you can actually click on the PGP attachment within the default Mail app on your iPhone and choose to open it in IPGMail. This saves you the hassle of having to copy the entire message first. Personally, I would recommend enabling this option to make life easier for the recipient!
Enable Dropbox: This is a pretty big feature. By enabling this feature, you allow IPGMail access to your Dropbox account. This allows you to store encrypted messages in your Dropbox account. Another usage scenario would be to upload a recipient’s public key to Dropbox and then download it back into IPGMail for import. The other neat feature with OpenPGP is that it is not limited to just email encryption. You can actually use your key pair to encrypt actual data! With Dropbox support enabled, you can do just that within IPGMail!
Enable iCloud: I don’t use iCloud so I can’t say for sure what this feature can do but I’m guessing it allows integration with Apple’s iCloud services.
Default Mode: By default, IPGMail chooses to both encrypt and sign your emails when composed. You can change the default from here. Of course, you can also choose at the time you compose your email within the Compose section as well.
Password Cache Timeout: This configurable time limit allows you to set the amount of time (max is 1 hour) that IPGMail will cache your passphrase. Of course, the longer the time limit, the less secure it will be. However, you will get fewer passphrase prompts when decrypting/signing emails.
In the End…
I have nothing but high praise for IPGMail. I want to applaud the developer for taking the time to make this app and to continuously improve upon it. After reading some reviews of the app in iTunes, I saw that many users have also praised the developer for being prompt with support and incorporating requested features. If you are already using the OpenPGP system, then you should already know what it’s all about. Being able to securely trade emails between party members gives a level of confidence that no one but the intended recipients is able to decrypt them for consumption. If in the past you thought that you had to be on your computer to be able to decrypt and encrypt email messages with OpenPGP, then you should seriously give IPGMail a try. For $1.99, it is definitely not a wallet breaker when you look at the other app that charges you $49.99! From a usability standpoint, I’m guessing it won’t take you long before you get used to how things are done within IPGMail. I can see how some users will balk at how you need to actually copy the PGP email message first before being able to read it. However, unless you are receiving an encrypted email every other second throughout the day, I don’t think this will be a problem for the majority of users.
With that being said, I personally think that if you’re heavily invested in OpenPGP whether for your private or business email account, this $1.99 app will be one of the best investments you’ll make in a while. It’s just so darn convenient!