How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

E.Keen


Dear community,

I am very passionate about cyber security and working against mass
surveillance. I therefore try to stay informed about security
measurements and encryption.

Nevertheless, I do have a problem which I cannot solve by myself.

I generated a keypair using enigmail on thunderbird for this email address.
Now, I'd like to use the same address with the same encryption keys on
an iOS device.
However, I don't know how to transfer the private key securely without
anyone else being able to obtain it.
Someone informed me that there might be a possibility to type in the
private key manually.

I 'd appreciate any help or further information you might give me.

Thank you very much.

Kind Regards,

E.Keen


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

Fabian A. Santiago
July 16, 2017 11:41 AM, "E.Keen" <[hidden email]> wrote:

> Dear community,
>
> I am very passionate about cyber security and working against mass
> surveillance. I therefore try to stay informed about security
> measurements and encryption.
>
> Nevertheless, I do have a problem which I cannot solve by myself.
>
> I generated a keypair using enigmail on thunderbird for this email address.
> Now, I'd like to use the same address with the same encryption keys on
> an iOS device.
> However, I don't know how to transfer the private key securely without
> anyone else being able to obtain it.
> Someone informed me that there might be a possibility to type in the
> private key manually.
>
> I 'd appreciate any help or further information you might give me.
>
> Thank you very much.
>
> Kind Regards,
>
> E.Keen
>
> _______________________________________________
> Gnupg-users mailing list
> [hidden email]
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

people out there correct me if I'm wrong,

iOS natively won't make use of gpg keys, only s/mime. so you'd be relying on a 3rd party app to handle encrypted email using the former. unless you also have an s/mime key pair to use, then iOS' mail app will use it.

said 3rd party app may allow you to transfer the key(s) to your device by way of itunes. i forget the exact place (something to do with app syncing i think) but there would be a place you can copy the files you wish to have sync'd to your mobile device. then the app would pick it up from there.

i've used one such app before in the distant past but forget its name and don't currently have an ios device on me to look around but you can probably find something in the app store.

--

Thanks,

Fabian S.

OpenPGP: 3C3FA072ACCB7AC5DB0F723455502B0EEB9070FC

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

Jürgen Polster
As said by Fabian, IOS natively only supports S/ MIME keys. This works rather seamlessly. You nearly do not notice it. However to exchange or DELETE outdated S/MIME certificates of others is a real pain and made me stop working with it.

The IOS apps for working with openpg encryption are iPGMail and oPenGP. Both interact with mail by cut and paste of content and you can transfer your private keys and public keys by help of the iTunes App and a cable from your windows or Mac PC. It works but due to the cut and paste workflow use is rather inconvenient.

Kind regards
Juergen Polster


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

Andrew Gallagher
On 2017/07/16 18:24, Jürgen Polster wrote:
> The IOS apps for working with openpg encryption are iPGMail and
> oPenGP. Both interact with mail by cut and paste of content

In the case of iPGMail, it can also use the "mail attachment" OS hook to
automatically populate a draft email. You still need to press "send" a
second time, but you don't have to mess around with clipboards.

The disadvantage is that sending encrypted messages as attachments is
not standards compliant, and enigmail for one has great trouble dealing
with them at the other end. Unfortunately there's no way for an iOS app
to implement PGP/MIME properly, given Apple's strict restrictions on
email apps.

A


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (817 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

MFPA-5
In reply to this post by E.Keen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Friday 14 July 2017 at 7:48:59 PM, in
<mid:[hidden email]>, E.Keen wrote:-


> However, I don't know how to transfer the private key
> securely without
> anyone else being able to obtain it.

I would think you could transfer the private key file to the moblle
device by bluetooth, or by using a USB cable, or by email. So long as
the private key is protected by a decent passphrase, anybody else
getting a copy of the file should be of no consequence.

- --
Best regards

MFPA                  <mailto:[hidden email]>

Amateurs built the ark. Professionals built the Titanic.
-----BEGIN PGP SIGNATURE-----

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWXeK2V8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5BPrAQCGoFfJn5IQnG5aaj0EFLPTNDF8jF4ADdVhbl5A7hIijAEA48UASqwS2rDC
MlYkdmU0O0nRASVVsTdkHFmTVDObqQiJAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWXeK2V8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8PbJCACypL9BLEGvqxMEqv1FxxnM0JWU
xbZ4iDrn9Rt88siRvgq3QwNwdeAEYdFHMEHa4uaXdg0RrhVVKZMbUx3y938kNwfZ
ZbFwUsYHKYF60cnhxZ/m5qQzMRsUMIzRvc2CDeWd2OtXIs2lbNh01SZk6bu0zoXO
oSTdJ0LN1Thy2fCjyBrP/nrC73F7z68JG757jjmu4EFsf3d4xeoJjNpiWk1ei6QQ
nir2wp7TeCUeJKxPKCk6CyPNpqznZ+pB2da71uZzh/q2gE0jSsBmEfDaE2AnegeA
39osnm4fYjefT4aXqiefKhfIp9Y0Vhm6eFyvhfgp8IAUei0npeyWw7FibtLE
=dfyc
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

Robert J. Hansen-3
> I would think you could transfer the private key file to the moblle
> device by bluetooth, or by using a USB cable, or by email. So long as
> the private key is protected by a decent passphrase, anybody else
> getting a copy of the file should be of no consequence.

This is correct.

I've often volunteered to publish my private key in the _New York
Times_, if someone will just pay for the listing.  With a strong
passphrase, private keys are pretty darn safe against casual snooping.


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

Lukas Pitschl | GPGTools
In reply to this post by E.Keen
Since its release, Canary Mail is probably your best option, since it support OpenPGP out-of-the-box.
If you rather prefer to keep using iOS Mail, you’ll have to resort to the much less than user friendly options oPenGP and iPGMail (as others have mentioned). They work, but the user experience is really not pleasant if you receive a lot of encrypted messages. Also I don’t think they support verification of PGP/MIME messages (due to restrictions imposed by iOS).

Best,

Lukas
GPGTools

> Am 14.07.2017 um 20:48 schrieb E.Keen <[hidden email]>:
>
>
>
> Dear community,
>
> I am very passionate about cyber security and working against mass
> surveillance. I therefore try to stay informed about security
> measurements and encryption.
>
> Nevertheless, I do have a problem which I cannot solve by myself.
>
> I generated a keypair using enigmail on thunderbird for this email address.
> Now, I'd like to use the same address with the same encryption keys on
> an iOS device.
> However, I don't know how to transfer the private key securely without
> anyone else being able to obtain it.
> Someone informed me that there might be a possibility to type in the
> private key manually.
>
> I 'd appreciate any help or further information you might give me.
>
> Thank you very much.
>
> Kind Regards,
>
> E.Keen
>
>
> _______________________________________________
> Gnupg-users mailing list
> [hidden email]
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

Andreas Heinlein-2
In reply to this post by Robert J. Hansen-3
Am 25.07.2017 um 20:34 schrieb Robert J. Hansen:
I would think you could transfer the private key file to the moblle
device by bluetooth, or by using a USB cable, or by email. So long as
the private key is protected by a decent passphrase, anybody else
getting a copy of the file should be of no consequence.
This is correct.

I've often volunteered to publish my private key in the _New York
Times_, if someone will just pay for the listing.  With a strong
passphrase, private keys are pretty darn safe against casual snooping.

I still would not recommend that to non-technical people. While the users on this list probably know what a 'decent' passphrase is, most normal users don't. They tend to choose passwords which are too short, contain dictionary words - or they are written down right under the keyboard... Having a second line of defense, i.e. keeping the private key secure, is usually a good idea. That's the whole point of the OpenPGP smartcard, after all.

Andreas


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (220 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

mark M
In reply to this post by Lukas Pitschl | GPGTools
But these are all paid apps are there any open source or free apps to do PGP on iOS


From: Gnupg-users <[hidden email]> on behalf of Lukas Pitschl | GPGTools <[hidden email]>
Sent: Tuesday, July 25, 2017 12:42:47 PM
To: E.Keen
Cc: [hidden email]
Subject: Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail
 
Since its release, Canary Mail is probably your best option, since it support OpenPGP out-of-the-box.
If you rather prefer to keep using iOS Mail, you’ll have to resort to the much less than user friendly options oPenGP and iPGMail (as others have mentioned). They work, but the user experience is really not pleasant if you receive a lot of encrypted messages. Also I don’t think they support verification of PGP/MIME messages (due to restrictions imposed by iOS).

Best,

Lukas
GPGTools

> Am 14.07.2017 um 20:48 schrieb E.Keen <[hidden email]>:
>
>
>
> Dear community,
>
> I am very passionate about cyber security and working against mass
> surveillance. I therefore try to stay informed about security
> measurements and encryption.
>
> Nevertheless, I do have a problem which I cannot solve by myself.
>
> I generated a keypair using enigmail on thunderbird for this email address.
> Now, I'd like to use the same address with the same encryption keys on
> an iOS device.
> However, I don't know how to transfer the private key securely without
> anyone else being able to obtain it.
> Someone informed me that there might be a possibility to type in the
> private key manually.
>
> I 'd appreciate any help or further information you might give me.
>
> Thank you very much.
>
> Kind Regards,
>
> E.Keen
>
>
> _______________________________________________
> Gnupg-users mailing list
> [hidden email]
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

MFPA-5
In reply to this post by Andreas Heinlein-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Tuesday 25 July 2017 at 9:49:15 PM, in
<mid:[hidden email]>, Andreas Heinlein
wrote:-


> I still would not recommend that to non-technical
> people. While the
> users on this list probably know what a 'decent'
> passphrase is, most
> normal users don't. They tend to choose passwords
> which are too short,
> contain dictionary words - or they are written down
> right under the
> keyboard... Having a second line of defense, i.e.
> keeping the private
> key secure, is usually a good idea. That's the whole
> point of the
> OpenPGP smartcard, after all.

Do "most normal users" make use of an OpenPGP smartcard? Those that do
might be able to use the same keypair on their mobile phone by means
of an NFC-enabled smartcard.

- --
Best regards

MFPA                  <mailto:[hidden email]>

Ultimate consistency lies in being consistently inconsistent
-----BEGIN PGP SIGNATURE-----

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWXhgfl8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5AsfAP9hhucd8ifzPhIsSZiFSHJmsuOw1CBYE6bAcKFXSi8kIQD+IH+kDNLW6WTU
9TLUlqINxgJe+UE0/XaAxaD/t6Xc7A2JAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWXhgj18UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8NLQB/9Z66y179mYiHkgNXX2oW6cdFgo
VoaPcImpg+nKzMITS6XXynRxUoc2mWBD3SI1bV5EyEuDk47qd+PmKyGXf6dPUoog
IF9psxhLmPyVIELKZduZn0rAdE7a3kvup4OJJdTPmLdh5iNbdWwoufaCvU3gxipF
730imQUUgAaVYTXxLvB4DFzUcHXmML8ci9VJdbaRxEyRwmzBNTyiL02gMtlvmuch
pxdkJal7qCnUf1RYwHlUHNxNlIek/9pDgxs1PP/HzwrpvAFoxMUMZJPA95Ld6f6Z
ekKmsYxOJBwLKKCO+OQnPk7nrtxPO9e9sqIbMEHURE8FfXTNDvEeotoocvOt
=Az0j
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

Andreas Heinlein-2
Am 26.07.2017 um 11:27 schrieb MFPA:
> Do "most normal users" make use of an OpenPGP smartcard? Those that do
> might be able to use the same keypair on their mobile phone by means
> of an NFC-enabled smartcard.
Surely not. I guess most "normal users" don't even know that such a
thing exists.

Besides that, AFAIK the NFC-functionality on several SmartCards is not
for use with OpenPGP, it's just there for additional purposes with other
applications.

Bye,
Andreas


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (259 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

dekkzz78
On 07/26, Andreas Heinlein wrote:

>Am 26.07.2017 um 11:27 schrieb MFPA:
>> Do "most normal users" make use of an OpenPGP smartcard? Those that do
>> might be able to use the same keypair on their mobile phone by means
>> of an NFC-enabled smartcard.
>Surely not. I guess most "normal users" don't even know that such a
>thing exists.
>
>Besides that, AFAIK the NFC-functionality on several SmartCards is not
>for use with OpenPGP, it's just there for additional purposes with other
>applications.
>
>Bye,
>Andreas
>
When you say not for use with OpenPGP, do you mean most "smartcards" marked as SLE4442 compatible won't work with
GnuPG?

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

MFPA-5
In reply to this post by Andreas Heinlein-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512



On Wednesday 26 July 2017 at 12:27:20 PM, in
<mid:[hidden email]>, Andreas Heinlein
wrote:-



> Besides that, AFAIK the NFC-functionality on several
> SmartCards is not
> for use with OpenPGP, it's just there for additional
> purposes with other
> applications.

At least on some, NFC works with OpenPGP. For example, see
<https://www.grepular.com/An_NFC_PGP_SmartCard_For_Android>.


- --
Best regards

MFPA                  <mailto:[hidden email]>

No matter what a man's past may have been, his future is spotless.
-----BEGIN PGP SIGNATURE-----

iNUEARYKAH0WIQQzrO1O6RNO695qhQYXErxGGvd45AUCWXiKAl8UgAAAAAAuAChp
c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNB
Q0VENEVFOTEzNEVFQkRFNkE4NTA2MTcxMkJDNDYxQUY3NzhFNAAKCRAXErxGGvd4
5HqlAQCmFewc0eqa/TU4CxS9vmYtu+YM4xog3tRdWRJ5HjuyegD/XIl17phzyFt+
hPIQRw4Golp3ysr6EnDFamMudTVlTAKJAZMEAQEKAH0WIQSzrn7KmoyLMCaloPVr
fHTOsx8l8AUCWXiKEF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0QjNBRTdFQ0E5QThDOEIzMDI2QTVBMEY1NkI3
Qzc0Q0VCMzFGMjVGMAAKCRBrfHTOsx8l8LeDCACAd6ycOQY0aLE0ip+2WWNAnScX
5/0jE439gGT2QghAEunYrpQnTnV66f1Nej7jokGU1+1YR2cxAckcBThmBOuZL4/s
pLI1VqY3ky8TKKvoQf3JcyoMZ9RV63B6Ws0yLu7ER6U0thHwuMsPbTPhl2f7NQx3
quArOYYzCAgWR6aVGyyPGje0OcrBY4PyGSNn2dYAPWsVBRnwhySS7Tz2sqXyPA90
16mfCm3KmRh65bOwhP0VyUDaWXG0kOeZYy55oWiRgFQxkOL1UTOmtKGQstShrl8W
TWlupHWJi5LFisHC5Rt8h8tvG+H8USn64smk/7nxOIQnwzAZXaHWj30hr7PB
=dnYV
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|

Re: How to use a the same generated keypair on enigmail/thunderbird and iOS Mail

Andreas Heinlein-2
In reply to this post by dekkzz78
Am 26.07.2017 um 14:05 schrieb [hidden email]:

> On 07/26, Andreas Heinlein wrote:
>> Am 26.07.2017 um 11:27 schrieb MFPA:
>>> Do "most normal users" make use of an OpenPGP smartcard? Those that do
>>> might be able to use the same keypair on their mobile phone by means
>>> of an NFC-enabled smartcard.
>> Surely not. I guess most "normal users" don't even know that such a
>> thing exists.
>>
>> Besides that, AFAIK the NFC-functionality on several SmartCards is not
>> for use with OpenPGP, it's just there for additional purposes with other
>> applications.
>>
>> Bye,
>> Andreas
>>
>
> When you say not for use with OpenPGP, do you mean most "smartcards"
> marked as SLE4442 compatible won't work with GnuPG?
Actually the one OpenPGP smartcard I know of is sold by FLOSS-Shop
(ex-kernel-concepts):
https://www.floss-shop.de/de/security-privacy/smartcards/4/openpgp-smart-card-v2.1-mifare-desfire?c=41

This one has an NFC chip but which is not for use with OpenPGP.

There may be other smartcards out there which can also be used with
GnuPG but they're usually not called "OpenPGP card".

Andreas



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (259 bytes) Download Attachment