PGpgp adds encryption for multiple recipients, additional translations and UI improvements

By Alicia Erlich on 3 Jun 2014 02:12 pm EDT
-
loading...
-
loading...
-
loading...

As a BlackBerry user, one vital concern is security when sending emails. Not too long ago, we told you about an application called PGpgp which allows you to exchange encrypted messages with your recipients or decrypt messages addressed to you. It involves creating and storing public and private keys that are not accessible by other application.

The developer dropped a line that there have been some minor improvements and adjustments since the review. The full change log is provided below for your convenience.

Version 1.4.1

  • Possibility to download the public key from the key server (search by name, key id or email)
  • Possibility to sign a text message (without encrypting)
  • Displaying key ID and fingerprint in the KEY DETAILS screen
  • Displaying key ID on the KEY LIST and KEY SELECT screen (useful when we have few keys with this same name/email)
  • There are also some minor performance improvements, for example for the users which store their key password in the memory (after the first use) encryption/signing will be a bit faster.

Version 1.5

  • Encryption for the multiple recipients
  • Private key: import & paste on the LIST screen
  • Private key: upload of the public part to the keyserver
  • Minor UI fix for entering the message (typing/focus issue)
  • Minor fixes related to the key list
  • Additional UI translations: DE, FR

It doesn't hurt to have additional safeguards when sending and receiving emails on your device. PGpgp supports all BlackBerry 10 handsets, is easy to use and is $2.99 to download.

More information/Purchase PGpgp

Reader comments

PGpgp adds encryption for multiple recipients, additional translations and UI improvements

16 Comments

After this update I was able to decrypt a message from someone on our work server with whom I had not previously stored individual keys, however I still get errors from those on the same server that I previously had individual keys with. Any suggestions to eliminate this problem would be great. i.e. will getting them to delete my old keys work?

The person who's email I can decrypt was sent with my key linked to our universal server I believe it's called. The person's email I couldn't decrypt I am unsure which of my keys were used. The reason is because before we switched to a universal server (or whatever it's called) a few individuals shared their private key pairs. I fear one of these old keys is interfering with the new (simple) universal server key for me if they have defaulted to sending me an email with one of the old keys (even though I tried importing those as well into my key ring)

I do not understand. For decryption you do not need someone's key - the message must be encrypted with your key. You need recipients key to prepare a message for him.

I will try my suggestion to see if that works. (getting them to delete all keys they previously had of me) That way, I hope, PGP will pick my correct server key which your program seems to recognize which I hope will properly decrypt instead of the frustrating message I get "Error occurred during message decryption"

Now, we'd like to see PGP integrated into BB10, and the developer reimbursed for the efforts....

"No Q10?" -> "Buy from Chen... "

Exactly. Would be more secure and the least a secure OS should offer. BlackPhone is doing it, why not BlackBerry?

I'd love to be able to generate 4096 bit RSA keys, but maybe the current hardware is too slow to do it in minutes. (ECRYPT II recommends to use RSA key lengths above 3248bits and 1024bits keys should never be used)

I found the app to be slow and not very reactive, but it's still very usable. It shouldn't be too difficult to convert this Javascript app into a native QML app and get a nice speed boost :). One problem will always remain though. This app has the "apps" privileges which are less restrictive than the ones applied to bundled apps and if it's compromised, so are the keys and/or the passphrase.

Also, the comment block in the messages mentions the app. Although it's a nice way to spread the word, it also tells an attacker what was used to generate the message. It would be best to mention the gnupg version there.

And finally, there is one caveat, you can't en/decrypt messages landing on your work account... It's not the app's fault, just something to bear in mind.

Thanks for this very informative comment. I'm no coder, but I do enjoy whatever shreds of privacy that can be had. Even if just asking what's for lunch... Someone makes it tough and makes it user accessible (even w/a bit of a learning curve), I'm there and very willing to pay for the privilege.

Posted via CB10

Hello
1) Yes, now (in the app) you may create kay max 2048 because of the performance. I suggest to create stronger keys on the computer and import them.
2) Yes, I think about it. One disadvantage will be that there must be a process to export/import all the keys, as the new (native) application will not have an access to the existing keys. I do not know yet how to solve it. Maybe I will create a new application in BBWorld and think about migration for free for the current users.
3) I know, I know ;) In the next release there will be an option to disable it (on Settings screen)
4) You must ask you admin to install the app on the WORK account.
Regards,

Thanks for all your answers and for making communications on BB10 a little bit safer. Looking forward to a native app :)

App downloaded. After emailing developer, I was able to understand functions. Now, it's easy to use, very useful for me. Quite helpful customer service; developer answers emails quickly and to the point.

Posted via CB10