OpenKeyChain for Android installation and operation guide
OpenKeyChain is a free Android app for managing PGP keys and encrypting messages. This guide describes how to install and how to use OpenKeyChain on Android.
Installing OpenKeyChain on Android #
- Download OpenKeyChain from Google Play or install it using F-Droid.
- If you choose to install via F-Droid, it’s recommended to download and install F-Droid via your computer to ensure you’re downloading from a trusted source. You can find instructions and verify the checksum here: How to install F-Droid.
- Once F-Droid is installed, search for OpenKeyChain and install the app.
Generating keys in OpenKeyChain #
- Open the OpenKeyChain app and press +.
- Select the Create My Key option.
- Enter your nickname and press NEXT.
- Enter an email address for the key (it does not have to be a real, existing address) and press NEXT.
- Click on the three dots and then select Change key configuration.
- Set the key’s password (it is used to protect the private key), then change the subkeys to RSA 4096-bit and press Save.
- Set the master key accordingly and press OK.
- Set the subkey accordingly and press OK.
- Press Save.
- Press CREATE KEY.
- Wait for the key to be created.
Backing up the private key in OpenKeyChain #
- Go to the key management screen, select your private key, and click Backup Key.
- Save the backup code, select the location where you want to save the key, and click Save Backup.
- Ensure the key is saved in a secure location.
A backup copy of the private key should be encrypted with VeraCrypt or TrueCrypt and placed on external media for protection against data loss.
Importing public keys in OpenKeyChain #
- Open the email or other communication containing the public key.
- Save the public key to a file with a .asc extension; importing a public key from the clipboard is currently not working.
- Open the OpenKeyChain app, select the Import from File option. Select the saved file and click Import.
- The app will import the key and display its details.
Encrypting messages in OpenKeyChain #
- Open the OpenKeyChain app and select Encrypt/Decrypt.
- Select the Encrypt Text option.
- Paste or type the text you want to encrypt.
- Select the recipient’s public key from the list of available keys. Then choose one of the options from the top bar: Copy to Clipboard or Share.
- After encrypting the message, copy the resulting text to the clipboard.
- You can now share the encrypted text in another app, such as via an instant messenger or save it to a file.
You do not need to import the recipient’s public key again when encrypting subsequent messages: the key is stored in the app’s data and stays available.
Decrypting messages in OpenKeyChain #
- Open the encrypted message in any text editor.
- Copy the encrypted text to the clipboard.
- Open the OpenKeyChain app and select Encrypt/Decrypt.
- Select the Read from Clipboard option. If prompted for a password, enter the password for your private key.
Signing messages in OpenKeyChain #
- Open the OpenKeyChain app and select Encrypt/Decrypt, then Encrypt Text.
- Select your private key.
- Paste the message content you want to sign into the text field, then click Copy or Share.
- You can now share the signed text in another app, such as via an instant messenger.
Avoid signing messages that seem universal. For example, a signed “I agree” or “It’s me” message can be saved and used to impersonate you in another conversation. Signed messages should be complete sentences describing the purpose and circumstances of the signature.
Verifying messages in OpenKeyChain #
- Open the signed message in any text editor.
- Copy its content to the clipboard.
- Open the OpenKeyChain app, go to Encrypt/Decrypt, then click Read from Clipboard.
OpenKeyChain will display the verification result, informing you whether the signature is valid.
If the key is not confirmed, it may be highlighted in orange. In such a case:
- Tap on the key owner.
- Tap the three dots in the top-right corner and select Confirm with Fingerprint.
- Check the key’s fingerprint to ensure it matches the expected fingerprint, then confirm the key.
- After confirming the key, the verification process should succeed.
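The fingerprint check in the steps above is the point where trust is actually established, so it is worth doing carefully. The following is an added example, not code from the guide or from the OpenKeyChain project: a small helper that normalises a fingerprint as it is displayed (grouped into blocks of four, possibly with colons or a `0x` prefix) and only accepts a complete 40-digit match. The fingerprint values used in the demonstration are constructed, not real keys.

```python
import hmac
import re

# An OpenPGP v4 fingerprint is a 160-bit SHA-1 value, i.e. 40 hexadecimal digits.
FINGERPRINT_HEX_LEN = 40


def normalize_fingerprint(text: str) -> str:
    """Strip the spaces or colons used to group digits on screen, drop an
    optional '0x' prefix and upper-case the result so that the same
    fingerprint typed in different styles compares equal."""
    cleaned = re.sub(r"[\s:]", "", text.strip())
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    return cleaned.upper()


def fingerprint_matches(displayed: str, expected: str) -> bool:
    """Return True only when both values are complete 40-digit fingerprints
    and are identical.

    A short key ID (the last 8 or 16 digits) is rejected even if it is a
    suffix of the expected fingerprint: short key IDs are not unique, so
    confirming a key on that basis gives no real assurance."""
    shown = normalize_fingerprint(displayed)
    wanted = normalize_fingerprint(expected)
    for fp in (shown, wanted):
        if len(fp) != FINGERPRINT_HEX_LEN or not re.fullmatch(r"[0-9A-F]+", fp):
            return False
    return hmac.compare_digest(shown.encode(), wanted.encode())


if __name__ == "__main__":
    # Constructed sample values (not real keys): what the app shows versus
    # what the key owner communicated over a separate channel.
    shown_in_app = "1234 5678 9ABC DEF0 1234 5678 9ABC DEF0 1234 5678"
    from_owner = "123456789abcdef0123456789abcdef012345678"
    print("full fingerprint match:", fingerprint_matches(shown_in_app, from_owner))
    # Only the 16-digit key ID: must NOT be accepted as confirmation.
    print("short key ID accepted:", fingerprint_matches("9ABC DEF0 1234 5678", from_owner))
```

Only confirm the key in OpenKeyChain when the full fingerprint matches; a differing digit anywhere, or a comparison of just the key ID, is not a confirmation.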
You do not need to import the author’s public key again when verifying subsequent signatures from the same author: the key is stored in the app’s data and stays available.