Privacy on Android: Using the K9 Email Client with Encryption
This post is the second in the series on using OpenPG to sign and/or encrypt emails on Android.
This guide covers the setup of the K9 email client on Android for use with APG in order to encrypt and sign emails with OpenPGP. It also covers other basic options in K9, such as setting email signatures for outgoing messages, and how to send emails.
This guide requires that the steps in Installing and Configuring APG be implemented on your phone first.
Updated to include picutures
Installing K9
Start by installing the K9 email client. K9 should be available through the Android Market, or you can download the APK from Google Code.
Setting Up You Email Accounts
Start K9.
Click the next button.
Make sure that your email is IMAP or POP enabled, and configure the options K9 presents you as you would any email client.
Once the configuration is complete, the email in your inbox should download.
Adding Additional Email Accounts
In order to add a new email account, K9 must have the listing of accounts open, rather than a particular email account.
While at this list, press the menu button on your phone, and select “Add Account”. Follow the same steps for adding the new email address as you did when you added the first account.
General Settings
Configuring Email Signatures
Each account has a separate signature. For each account you must have the inbox for the account open to set the signature.
While in the account, push the menu buttton, and select “more”, select “Settings”, select “Account Settings”, “Sending Mail”, and finally “Composition Defaults”.
The signature can be set from here, as well as disabling it, or modifying other aspects of message composition.
Sending Emails
To send a message, click the menu button and select compose
After you have composed your message, hit the menu button again and you will see the available options, which include send.
Configuring K9 to Use Encryption
Setting K9 to Send Text Emails
Using OpenPGP with encryption on any platform works better with text email. When using HTML mail, it is likely that your recipient will find themselves unable to decrypt the message.
Set text only mail by pressing the menu button in the email account’s screen, selecting “more”, selecting “settings”, selecting “account settings”, selecting “sending mail”, and finally selecting “plain text” under “message format”.
Making sure that K9 uses APG
From within each account, hit the menu button, then select “settings”, then “Privacy”.
Scroll down to “Cryptography”, and select it.
Make sure that OpenPGP Provider is set to APG.
Using Auto-Sign
Navigate to the “Cryptography” (as before) and select the Autosign option
This option automatically signs every email you send.
Using Encryption and Signing in K9
If you receive an encrypted email, you will be prompted for your passphrase when you select the encrypted message. Additionally, if a message has been signed and you already have the public key of the individual who sent it, K9 will automatically check to see if the signature is valid.
If you are trying to send an encrypted message, there are two options near the top of the “Compose” screen that allow you to either sign or encrypt an email, as well as allowing you to select both.
Once you have finished composing the email, select the send option; you will be prompted with a list of keys currently stored in AGP. Choose the appropriate key from this list.
If the key you need is not in AGP, it can be added through the APG application. Once you have selected the key, or keys, you will be prompted for the passphrase for your private key.
After you enter the passphrase, your email will be encrypted and sent out.
K9 should now be configured to send encrypted or signed emails. Now that you have the initial configuration done, sending encrypted and/or signed emails is easy, as is receiving them.
Comments
This is a great guide, but since K-9 Mail leaves email account passwords and non-PGP mail in plaintext on the device, I would think twice before using it for anything. https://code.google.com/p/k9mail/issues/detail?id=1192
I'd generally say that the security of a device is more manageable than the security of the connection that an email is sent over, and as far as I know there isn't any other email application providing integration - though of course composing your email in an editor, copying it into an encryption tool, then copying the encrypted text into an email client is a viable option, though one most people couldn't be bothered with. In the end, you have to ask yourself - will encrypting the password and emails at rest do anything to prevent someone with control of my device from getting at them?