fbpx
Wikipedia

OpenKeychain

May 05, 2024

OpenKeychain is a free and open-source mobile app for the Android operating system that provides strong, user-based encryption which is compatible with the OpenPGP standard. This allows users to encrypt, decrypt, sign, and verify signatures for text, emails, and files. The app allows the user to store the public keys of other users with whom they interact, and to encrypt files such that only a specified user can decrypt them. In the same manner, if a file is received from another user and its public keys are saved, the receiver can verify the authenticity of that file and decrypt it if necessary. As of August 2021, it is no longer actively developed.[2]

OpenKeychain
Initial release1 March 2012; 12 years ago (2012-03-01)
Stable release
6.0.4[1]  / 27 February 2024; 2 months ago (27 February 2024)
Repository
  • github.com/open-keychain/open-keychain
Written inJava
Operating systemAndroid
TypeOpenPGP
LicenseGPL-3.0-or-later
Websitewww.openkeychain.org

K-9 Mail Support edit

Together with K-9 Mail, it supports end-to-end encrypted emails via the OpenPGP INLINE and PGP/MIME formats. The developers of OpenKeychain and K-9 Mail are trying to change the way user interfaces for email encryption are designed. They propose to remove the ability to create encrypted-only emails[3] and hide the case of signed-only emails.[4] Instead, they focus on end-to-end security that provides confidentiality and authenticity by always encrypting and signing emails together.

Reception edit

OpenKeychain is listed on the official OpenPGP homepage[5] and the well-known developer collective Guardian Project recommends it instead of APG to encrypt emails.[6] TechRepublic published an article about it and conclude that "OpenKeychain happens to be one of the easiest encryption tools available for Android (that also happens to best follow OpenPGP standards)."[7] The publisher Heise reviewed it in their c't Android magazine 2016 and discussed OpenKeychain's backup mechanism.[8] The academic community uses OpenKeychain for experimental evaluations: It has been used as an example where cryptographic operations could be executed in a Trusted Execution Environment.[9] Furthermore, modern alternatives for public key fingerprints have been implemented by other researchers.[10] In 2016, the German Federal Office for Information Security published a study about OpenPGP on Android and evaluated OpenKeychain's functionality.[11] OpenKeychain has been adapted to work with smartcards and NFC rings resulting in a usability study published on Ubicomp 2017.[12]

Funding edit

The OpenKeychain developers participated in 3 Google Summer of Code programs with a total of 6 successful students.[13][14][15] In 2015, one of the main developers got a one-year funding to improve the OpenPGP support in K-9 Mail paid by the Open Technology Fund.[16]

History edit

OpenKeychain has been created as a fork of Android Privacy Guard (APG) in March 2012. Between December 2010 and October 2013 no new version of APG was released. Thus, OpenKeychain has been started with the intention of picking up the development to improve the user interface and API. A first version 2.0 has been released in January 2013. After three years without updates, APG merged back security fixes from OpenKeychain and some months later rebased an entire new version on OpenKeychain’s source code. However, this process stopped in March 2014, while the OpenKeychain developers continued to regularly release new versions. A number of vulnerabilities found by Cure53[17] have been fixed in OpenKeychain.[18] These are still not fixed in APG since its last release in March 2014. Since K-9 Mail version 5.200, APG is no longer supported as a cryptography provider.[19]

References edit

  1. ^ "Release 6.0.4". 27 February 2024. Retrieved 22 March 2024.
  2. ^ "Note about maintenance mode". GitHub. Retrieved 19 November 2022.
  3. ^ . Archived from the original on 12 February 2017. Retrieved 11 Feb 2017.
  4. ^ . Archived from the original on 12 February 2017. Retrieved 11 Feb 2017.
  5. ^ "Official OpenPGP Homepage". Retrieved 11 Feb 2017.
  6. ^ "How To: Lockdown Your Mobile E-Mail". Retrieved 11 Feb 2017.
  7. ^ "Let OpenKeychain help handle your encryption". Retrieved 11 Feb 2017.
  8. ^ Mansmann, Urs; Bleich, Holger; Kossel, Axel (2016). "Mit PGP verschlüsselt mailen". C't Android 2016. 1: 50–51.
  9. ^ Rubinov, Konstantin; Rosculete, Lucia; Mitra, Tulika; Roychoudhury, Abhik (2016). "Automated partitioning of android applications for trusted execution environments" (PDF). Proceedings of the 38th International Conference on Software Engineering. pp. 923–934. doi:10.1145/2884781.2884817. ISBN 978-1-4503-3900-1. S2CID 15474674. (PDF) from the original on 2021-10-06.
  10. ^ Dechand, Sergej; Schürmann, Dominik; Busse, Karoline; Acar, Yasemin; Fahl, Sascha; Smith, Matthew (2016). "An Empirical Study of Textual Key-Fingerprint Representations". 25th USENIX Security Symposium (USENIX Security 16): 193–208. ISBN 978-1-931971-32-4.
  11. ^ "BSI Study: Nutzung von OpenPGP auf Android" (PDF). Retrieved 13 Feb 2017.
  12. ^ Schürmann, Dominik; Dechand, Sergej; Lars, Wolf (2017). "OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android". Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 1 (3): 99:1–99:24. doi:10.1145/3130964. S2CID 212416148.
  13. ^ "GSoC Archive 2014". Retrieved 11 Feb 2017.
  14. ^ "GSoC Archive 2015". Retrieved 11 Feb 2017.
  15. ^ "GSoC Archive 2016". Retrieved 11 Feb 2017.
  16. ^ "Bringing OpenKeychain Support to K-9 Mail". Retrieved 11 Feb 2017.
  17. ^ "Cure53 Security Audit" (PDF). Retrieved 11 Feb 2017.
  18. ^ "OpenKeychain Wiki: Cure53 Security Audit". GitHub. Retrieved 11 Feb 2017.
  19. ^ . Archived from the original on 12 February 2017. Retrieved 11 Feb 2017.

External links edit

  • Official website  
  • GitHub repository of OpenKeychain
  • OpenKeychain on Google Play
  • OpenKeychain Android package at the F-Droid repository

May 05, 2024
openkeychain, free, open, source, mobile, android, operating, system, that, provides, strong, user, based, encryption, which, compatible, with, openpgp, standard, this, allows, users, encrypt, decrypt, sign, verify, signatures, text, emails, files, allows, use. OpenKeychain is a free and open source mobile app for the Android operating system that provides strong user based encryption which is compatible with the OpenPGP standard This allows users to encrypt decrypt sign and verify signatures for text emails and files The app allows the user to store the public keys of other users with whom they interact and to encrypt files such that only a specified user can decrypt them In the same manner if a file is received from another user and its public keys are saved the receiver can verify the authenticity of that file and decrypt it if necessary As of August 2021 it is no longer actively developed 2 OpenKeychainInitial release1 March 2012 12 years ago 2012 03 01 Stable release6 0 4 1 27 February 2024 2 months ago 27 February 2024 Repositorygithub wbr com wbr open keychain wbr open keychainWritten inJavaOperating systemAndroidTypeOpenPGPLicenseGPL 3 0 or laterWebsitewww wbr openkeychain wbr org Contents 1 K 9 Mail Support 2 Reception 3 Funding 4 History 5 References 6 External linksK 9 Mail Support editTogether with K 9 Mail it supports end to end encrypted emails via the OpenPGP INLINE and PGP MIME formats The developers of OpenKeychain and K 9 Mail are trying to change the way user interfaces for email encryption are designed They propose to remove the ability to create encrypted only emails 3 and hide the case of signed only emails 4 Instead they focus on end to end security that provides confidentiality and authenticity by always encrypting and signing emails together Reception editOpenKeychain is listed on the official OpenPGP homepage 5 and the well known developer collective Guardian Project recommends it instead of APG to encrypt emails 6 TechRepublic published an article about it and conclude that OpenKeychain happens to be one of the easiest encryption tools available for Android that also happens to best follow OpenPGP standards 7 The publisher Heise reviewed it in their c t Android magazine 2016 and discussed OpenKeychain s backup mechanism 8 The academic community uses OpenKeychain for experimental evaluations It has been used as an example where cryptographic operations could be executed in a Trusted Execution Environment 9 Furthermore modern alternatives for public key fingerprints have been implemented by other researchers 10 In 2016 the German Federal Office for Information Security published a study about OpenPGP on Android and evaluated OpenKeychain s functionality 11 OpenKeychain has been adapted to work with smartcards and NFC rings resulting in a usability study published on Ubicomp 2017 12 Funding editThe OpenKeychain developers participated in 3 Google Summer of Code programs with a total of 6 successful students 13 14 15 In 2015 one of the main developers got a one year funding to improve the OpenPGP support in K 9 Mail paid by the Open Technology Fund 16 History editOpenKeychain has been created as a fork of Android Privacy Guard APG in March 2012 Between December 2010 and October 2013 no new version of APG was released Thus OpenKeychain has been started with the intention of picking up the development to improve the user interface and API A first version 2 0 has been released in January 2013 After three years without updates APG merged back security fixes from OpenKeychain and some months later rebased an entire new version on OpenKeychain s source code However this process stopped in March 2014 while the OpenKeychain developers continued to regularly release new versions A number of vulnerabilities found by Cure53 17 have been fixed in OpenKeychain 18 These are still not fixed in APG since its last release in March 2014 Since K 9 Mail version 5 200 APG is no longer supported as a cryptography provider 19 References edit Release 6 0 4 27 February 2024 Retrieved 22 March 2024 Note about maintenance mode GitHub Retrieved 19 November 2022 OpenPGP Considerations Part II Encrypted Only Mails Archived from the original on 12 February 2017 Retrieved 11 Feb 2017 OpenPGP Considerations Part I Signed Only Mails Archived from the original on 12 February 2017 Retrieved 11 Feb 2017 Official OpenPGP Homepage Retrieved 11 Feb 2017 How To Lockdown Your Mobile E Mail Retrieved 11 Feb 2017 Let OpenKeychain help handle your encryption Retrieved 11 Feb 2017 Mansmann Urs Bleich Holger Kossel Axel 2016 Mit PGP verschlusselt mailen C t Android 2016 1 50 51 Rubinov Konstantin Rosculete Lucia Mitra Tulika Roychoudhury Abhik 2016 Automated partitioning of android applications for trusted execution environments PDF Proceedings of the 38th International Conference on Software Engineering pp 923 934 doi 10 1145 2884781 2884817 ISBN 978 1 4503 3900 1 S2CID 15474674 Archived PDF from the original on 2021 10 06 Dechand Sergej Schurmann Dominik Busse Karoline Acar Yasemin Fahl Sascha Smith Matthew 2016 An Empirical Study of Textual Key Fingerprint Representations 25th USENIX Security Symposium USENIX Security 16 193 208 ISBN 978 1 931971 32 4 BSI Study Nutzung von OpenPGP auf Android PDF Retrieved 13 Feb 2017 Schurmann Dominik Dechand Sergej Lars Wolf 2017 OpenKeychain An Architecture for Cryptography with Smart Cards and NFC Rings on Android Proc ACM Interact Mob Wearable Ubiquitous Technol 1 3 99 1 99 24 doi 10 1145 3130964 S2CID 212416148 GSoC Archive 2014 Retrieved 11 Feb 2017 GSoC Archive 2015 Retrieved 11 Feb 2017 GSoC Archive 2016 Retrieved 11 Feb 2017 Bringing OpenKeychain Support to K 9 Mail Retrieved 11 Feb 2017 Cure53 Security Audit PDF Retrieved 11 Feb 2017 OpenKeychain Wiki Cure53 Security Audit GitHub Retrieved 11 Feb 2017 Why APG is no longer supported Archived from the original on 12 February 2017 Retrieved 11 Feb 2017 External links editOfficial website nbsp GitHub repository of OpenKeychain OpenKeychain on Google Play OpenKeychain Android package at the F Droid repository Retrieved from https en wikipedia org w index php title OpenKeychain amp oldid 1169483590, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.