Galaxy S II and email encryption Part 2

Since the stock email client doesn't have any facility to import or export a key from a key server, getting keys in or out of the phone is kind of a manual process. I've never had much success getting my phone to connect to my workstation via USB, so I used the sneakernet method using the microSD card to move things back and forth.

I wasn't able to get the stock mail client to use any of my existing keys that I imported, so I generated a new key to experiment with. Unfortunately, the new key is pretty much useless until it's pulled off the phone manually and uploaded to a key server (or distributed in some other fashion) so that other people can import it into their keyrings. Sure, you can sign messages with it, but nobody can verify the signature, and forget about encrypting anything. The same goes for other public keys. There doesn't appear to be any way of querying key servers for other keys either, so verifying or decrypting messages can't be done until their public key is put onto the phone in some other fashion and then imported into mail client.

Here's one way that the process could be done:

  1. Export your public key
  2. Use some app to open the .asc file containing the key and copy it
  3. Open up the website for your favourite key server and submit the key

Now your public key is out there for consumption. Kind of a cumbersome process. This is what I was doing:

  1. Export public key. Copy to microSD card.
  2. Unmount microSD card, remove from phone, mount on desktop.
  3. Import key into my regular keyring.
  4. Sign new key.
  5. Upload key to key server.
  6. Export ASCII armoured keyring to microSD card (if you're using GnuPG, make sure to specify the --openpgp flag).
  7. Unmount microSD card, put it back into the phone, remount microSD card.
  8. Import keyring into mail client.

Yeah, cumbersome. Repeat for any subsequent public keys you need to have on the phone.

Next up, let's see how the signing and encrypting parts work.