Cariadus

As a Nominet tag holder I often have to send PGP emails to Nominet’s Automaton to renew, modify or release domains. The problem is how to do this when away from my office? Until recently my system of choice was a Nokia N810 internet tablet with Claws Mail and a PGP plugin combined with a Nokia E71 phone to provide the internet connection.

Having recently defected to Android in the shape of an HTC Desire the question was: would it be possible to send PGP mail on the Android phone?

After some searching and assistance from a very helpful Android app developer it turns out that the answer is: yes, it is possible.

I’ll make some of this brief as much of it has already been covered in other places. A good place to start is the Guardian Project’s article. However, there are some tweaks needed to satisfy the quirks of Nominet’s Automaton.

Step 1 – Get your public and private keys

If you’re a Nominet member you probably already have your PGP keys set up with Nominet. If not, follow the procedure in Nominet’s PGP guide to create your keys and register them with Nominet. You also need to export the keys so that you can copy the keys to your phone as you can’t create keys on your Android phone as yet.

Step 2 – Install the latest version of K9 mail app

The latest version of K9 has OpenPGP options built in. Note that at the time of writing you need to download this from the K9 download page as the version available on the Marketplace is several versions behind and doesn’t have OpenPGP functionality. You need version k9-2910-release.apk or higher.

You’ll need to set up an account in K9 for the email address that you use for sending to the Automaton.

Step 3 – Install Android Privacy Guard

Download the latest version of APG. This needs to be version 1.0.6 or higher to work with Nominet’s Automaton. Note: this will not be available until early-mid August 2010. (The developer was kind enough to let me try a beta version and I can confirm that it works.)

Step 4 – Import your keys to APG

Copy your public and private keys to your phone, open APG and install them – this is a fairly simple process. There is an option in APG to delete the keys once imported – it is best to check this option as it is not a good idea to have the raw private key on a mobile device.

Step 5 – Configure K9 to work with APG

In Account Settings there is a Cryptography section. Tap OpenPGP Provider and select APG. Tap the Auto-sign box so that it is checked.

Step 6 – Configure APG to work with the Automaton.

Open APG and tap Menu and Settings.

Tap Hash Alogorithm and select SHA-1

Tap Message Compression and select None

In the Advanced section at the bottom tap the box that says Force V3 signatures so that it is ticked.

Step 7 – Send a test email to Nominet

In K-9 send a test email to the Automaton as per Nominet’s PGP guide. On the compose screen in K9 you should now have a check box which should already be ticked for your public key. Don’t check the Encrypt box – the Automaton needs signed PGP mail, not encrypted.

Has it worked?

And finally you should hopefully get an email reply from the Automaton to say that your test message has been successful.

If not, check that you are using keys that have already been registered with Nominet and that you have configured APG correctly in step 6. You can check Nominet’s list of error messages.

If it did work consider sending a donation to the developer of APG who went out of his way to ensure that the the PGP signature produced by APG satisfied the vagaries of the Nominet Automaton. Many thanks Thialfihar!

References:
http://code.google.com/p/k9mail/
http://code.google.com/p/k9mail/downloads/list
http://www.thialfihar.org/projects/apg/
http://guardianproject.info/2010/07/09/how-to-lockdown-your-mobile-e-mail/
http://www.nic.uk/registrars/systems/auto/pgp/