Email encryption options on an iPhone
I've started taking security more seriously lately. (Why only now you may ask? Because I'm a trusting fool that's why.) I've now got emails signing automatically and encrypting where I have their key.
Previously I only did this when necessary, but I'm trying to breed a sense of change around me and taking my own medicine seems sensible. I have no issue with GPG in Thunderbird, Outlook, or on Android with K9 Mail & APG, but I have no idea how to handle GPG on IOS.
I can't accept there's no way, it seems ridiculous, or maybe I'm approaching the problem wrong and there is a more appropriate route than GPG that's better supported?
Try iPGMail.
More here.
Features (copied from iTunes app store):
PGMail is an app that implements the OpenPGP standard (RFC 4880) and allows the user to create and manage both public and private (RSA and DSA) PGP keys and send and receive PGP encrypted messages.
PGP Keys and Messages can be passed to iPGMail several ways:
From the iOS Mail.app - The iOS mail application will pass PGP attachments to iPGMail directly, eliminating the need to do an awkward copy-and-paste. NOTE: PGP messages that are part of the main body of an email will still have to be copy-and-pasted, only properly tagged attachments can be passed automatically.
Directly from the system clipboard. Copy-and-paste the PGP message text from any file, webpage, or message, and it can be imported and decrypted by the app.
iTunes File Sharing - Connect your device to a computer and open up iTunes, in the "Apps" section, you can scroll down and select iPGMail under the File Sharing section and transfer files to and from the app to your computer.
DropBox - Starting with iPGMail v 1.14, you can link iPGMail to a dropbox account and transfer files to and from your dropbox file space. This means you can encrypt and protect your dropbox files or share files with others through your existing dropbox Public interface.
iPGMail supports PGP key generation (RSA) directly in the app and stores them securely using the iOS keychain for the application. Using your own private PGP keys, you can encrypt and/or digitally sign any messages. Optionally, your public key can be attached to any message you send from the app so that the recipient can then import it into their own keychain, either on the phone or on any computer with PGP support.
iPGMail will import your private keys so you can reuse your existing PGP identity and keys on your iPhone or iPad. Both public and private keys can be imported through the interfaces listed above.
iPGMail allows the user to search public SKS PGP keyservers to find registered public keys for other people with whom the user can then send email that is digitally signed and/or encrypted encoded in OpenPGP ASCII Armor.
This app is ideal for securing your files or for sending secure email messages to specific parties without worrying about it being viewed by anyone other than the designated recipient.
PGP is a fantastic standard and has many uses and great implementations, but if you want to sign and encrypt email with a minimum of fuss, I think you'll find as I have that S/MIME is more well-supported. Many mail clients (including the stock Mail app on iOS and Mail.app on OS X, and other popular clients such as Microsoft Outlook) can handle S/MIME out of the box with no addons. Email certificates are authenticated by a CA, like SSL certificates for the Web, instead of requiring you to rely on the PGP web of trust to authenticate others' certificates and have them authenticate yours.
You can get a free S/MIME certificate from StartSSL. Once you've created it, you can export it from your browser (be sure to use a passphrase!), email it to yourself, then open it within the iOS mail application to install it. Your Mail account settings will then offer options to use the installed certificate to sign and/or encrypt your mail.
(I have no affiliation with StartSSL, other than as a satisfied (non-paying) customer.)
Try oPenGP.
Features (as listed at iTunes page):
- Decryption / Verify.
- Encryption & Sign.
- Clear sign.
- Fully compliant with GPG & PGP® Desktop software.
- Text message (armor format) "Decryption / Verify" and "Encryption & Sign" through Clipboard (copy & paste), iOS Documents interation (ex: iOS Mail.app -> oPenGP), Email, SMS, Dropbox, "My Files".
- Files (.pgp or .gpg files) "Decryption / Verify" and "Encryption & Sign" through iOS Documents interation (ex: iOS Mail.app -> oPenGP), Email, Photos, Dropbox, "My Files".
- Local folder "My Files", to store encrypted documents inside oPenGP, can be managed through iTunes file sharing.
- OpenPGP/MIME renderer (RFC 2045 Plain UTF-8 message bodies, RFC 2046 Attached files), for reading mail with attached files sent with GPGMail (open source plugin for Apple Mail).
- Automatic extraction of decrypted archives (.tar .gz .zip .7z .rar) included in OpenPGP/MINE format or in .pgp .gpg files.
- Ability to preview all decrypted files (Ex: .png .jpg .pdf .doc) or to send them through iOS Documents interaction (ex: oPenGP -> Quick PDF).
- Importation of PGP keys (.asc files) through iTunes file sharing, iOS Documents interation, Clipboard, Dropbox.
- Search & import public keys from server (hkp).
- Secured keyring storage.
- Secured passphrase cache.
- Lock application with a passcode.
- Auto encrypt to myself.
Features NOT supported, but on roadmap: - Trust, verify, sign & update public keys on servers (hkp). - Creation of secret/public keys.