Add OpenPGP encryption to your emails with PGpgp BlackBerry 10

By Alicia Erlich on 15 Apr 2014 01:54 pm EDT
3
loading...
0
loading...
24
loading...

One of the topics many BlackBerry users are concerned over is security especially when sending emails. While there are various encryption methods available, one of the more widely used ways is OpenPGP, which is derived from PGP (Pretty Good Privacy), to encrypt and decrypt email over the internet. What this means is that in terms of email security messages you send are unreadable by other individuals or intruders.

It just so happens I came across another useful utility tool for safeguarding my messages in my inbox that implements OpenPGP for BlackBerry 10. PGpgp allows you to exchange encrypted messages with your recipients or decrypt messages addressed to you. In order for it to work you will need to create and store your keys (public and private) and own the public key of the recipient. Do not worry as these keys cannot be accessed by other applications.

What sets this apart from other applications is that you can import the private key prepared by other systems (i.e. on your computer or a similar program). Otherwise, to generate your keys you can navigate to “My Keys,” and create a new one on your device. In order to do so you will need to input your name, valid email address (one you will be using to send/receive), password, and select the strength of the key from the dropdown (1024 or 2048 bit). After that is complete, the private key can be exported to a file by choosing the export option and the public key can be shared with your contacts. You can create a key for each of the accounts on your device that you wish to send messages from.

To send an encrypted message you simply tap on the option from the dashboard or access by swiping to the tab. From the dropdown, select your private key (if more than email was setup) and the receiver key, then copy and paste the message you wish to encrypt in the box provided. After you enter in the text simply tap on the Encrypt button at the bottom. You can send the email directly from within the application or choose to copy and paste into a new message screen yourself.

Decrypting a message utilizes a similar process. You would copy and paste the encrypted message from your email into the text box and tap the decrypt function at the bottom. Remember that password you created when you setup your keys? Make sure this isn’t lost as you will be asked to provide to complete the function. Depending on the strength of the key, it may take a moment or two to finish.

For those concerned over permissions it asks for access to BBM to invite contacts and set BBM status, Shared Files (for import/export of keys), and Email messages so that it can redirect email from the hub (Share option) and be able to open the contents of the selected email.

The Good
  • Works with PGPDesktop, Thunderbird, and Enigmail
  • Encrypted text sent as an attachment can be opened via the Hub in PGpgp
  • Encrypt / Decrypt emails and text from the hub by invoking the share option and choosing PGpgp
  • Can check senders identity (There is an option to sign in settings)
  • Easy to use UI and process is relatively quick
  • Share encrypted text via email, SMS, and BBM
The Bad
  • Cannot send to multiple recipients (Planned for an upcoming release)
The bottomline

Protecting one’s privacy is important, especially in this day and age where digital information can be accessed or has the potential to become public knowledge. While it does take some getting used to, this application does aid in concealing the contents of your messages from prying eyes. While full hub integration is limited by the OS, I do not mind copying and pasting the text into the application if it means safeguarding my data. PGpgp supports all BlackBerry 10 handsets, is easy to use and is $2.99 to download.

More information/Purchase PGpgp

Reader comments

Add OpenPGP encryption to your emails with PGpgp BlackBerry 10

36 Comments

Security usually always comes at the expense of convenience, and sadly, the other way round.

To the consumer, every single extra step (ouch, a Windows password), is a hassle to be avoided. That why we are where we are now with regards to security and privacy.

"No Q10?" -> "Buy from Chen... "

Honestly, I'm not really thrilled for any kind of encryption suite that starts with "Open" right now......

On the openpgpjs.org page you may find the results of the security audit for that library. PGpgp uses the latest version, with all the issues fixed.

Perhaps you should lighten up a little before making all too serious comments ;-)

I was just joking, obviously.

I purchased it but I can only get it to send to my contacts whom already have my key (imported from my PC) and they can successfully decrypt my messages but I can't seem to decrypt any messages except if I send it to myself as a test. I suspect this has something to do with my office merging single PGP licence users over to a PGP server but I have no idea how to fix this.

This function should have been implemented by BlackBerry to avoid copy-and-paste between email and encryption/decryption utility. Nice effort on the part of the developer though since once again BlackBerry is asleep at the wheel.

What is Blackberry's usp? Surely it's that it is secure.
I want them to lead in the race for NSA-proofness. I want what they advertise for enterprises to be available to consumers. I want the best security I can get.

We should be able to tell those using WhatsApp that we get end-to-end encryption. Not even BlackBerry should be able to see our BBMs, while Facebook will ultimately get their grubby hands all over theirs.

I want openpgp encryption for emails. I want the moon on a stick.

Sorry for the rant. I signed up specially to get that off my chest :-)

Posted via CB10

Thanks for the detailed review. This looks like it could actually be usable despite Blackberry's lack of hub/email plugin support.

Do you know if the app supports 4096bit encryption? It can't generate keys, but it might be able to decrypt them.

"Snap" is the best stop-gap solution for Android apps while we wait for BlackBerry to get its act together...

Yes, you may import your key and use it for an en/decryption. The generation of the keys stronger than 2048 is disabled because it takes a lot of time on the phone. Even 2048 takes a few minutes (more or less), while 1024 generally less than 20 seconds.

Will this app import 4096 keys as well?

As for BBM, is the encryption/decryption on the fly, or must it be manually done?

Yes, it supports 4096 keys.
No, it must be done manually - no API for the integration with the hub (currently)

I'm totally confused on how to use this thing. I bought it and wanted to try it out. Never used pgp before. Just heard all the hype and wanted to check it. Can someone make a video tutorial? Yes I'm a total noob.

What confuses me is pass phrase and repeat. When it says pass phrase does that mean password or a actual phrase. Repeat does that mean confirm the pass phrase by re typing it in or something else?

Well I did it the way I mentioned above and seems to me I have it set up but no one to do a test email too. :(

Still confusing and not sure if I even have it set. Lol looking forward to the help

Posted via CB10

Hi
To create a your own pair of the keys (prvate and public), using this app, or using PGP application on the computer (which gives your possibility to generate stronger keys, the phone is not so powerfult to generate 4096bit key in the sensible time).
If you have the keys (my key screen), you may publish/ditribute/send your public key to someont (option: share). If you receive someone's public key you store/save it on the Key List screen.
if you want to encrypt the message, you must have someone's public key. If you want to decrypt, you must have the private key.
Your private key is the most important thing for you, that is why it is protected by passphrase. You will need to know the passphrase when you want use your private key 9for decryption or signing).

What else can I write... for the inforamtion about PGP just google for it, to know the general rules. If you have any specific question about the app, send me PM or first check http://pawelgorny.com/PGpgp/

Regards,
Pawel

It stands for Pretty Good Privacy.

The URL you provide describes a method where the attacker needs to have physical access to your PC, it needs to be running, and from there they attempt to retrieve your private key from RAM. If you close the lid and it turns into an encrypted lump, then this method won't work.

Nice try though.