K-9 requires password for OpenPGP using OpenKeyChain?

I’m new to this and not sure if this is normal behavior, but when I send an encrypted email using K-9 email (for Android), K-9 requires my password for my OpenPGP encryption key stored on OpenKeyChain. K-9 will ‘remember’ the password with one of these three options: “until screen off”, “for one hour”, “for one day”, or “until cleared”.

Is this normal behavior for K9 to require the password be entered each and every time an encrypted email is sent with K9?

Hopefully I’m describing this correctly. I just would like to know if I am supposed to enter my OpenPGP credentials each time an encrypted email is sent using K-9 email. Thanks!

1 Like

Yes.

Your key requires a password, therefore you need to provide it.

If you don’t like that, you could remove the password on a desktop or notebook and reimport the now passwordless key… DO NOT DO THAT. It compromises your security.

OpenKeychain can change or remove the password from a key on the device. There’s no need to copy the key to a “real” computer.

1 Like

Thanks all. So, to summarize, it is normal and expected behavior for the OpenKeyChain app and K9 app to require password credentials when sending an encrypted email. Do I have this correct?

Yes, if your OpenPGP key is protected by a password, then this is expected behavior.

Whether or not you protect your key with a password is your choice. You could remove the password from the key and then you won’t be asked for a password when sending encrypted messages.
Not protecting the key using a separate password means the key is only as safe as your Android device. If the device is encrypted (all modern Android versions have encryption enabled by default), you have a strong lock screen password, and the device isn’t stolen while it is unlocked, your key should be safe even without an additional password protecting it.

1 Like

Thank you, cketti! Great help and this question and issue is resolved for me. Thanks again!

However, if your device is set up to back up apps and their data to the cloud (Google Drive, …), your password-less key is out there.

The NSA and others have backdoor access to all cloud data stored in the US. Good luck with your encrypted emails with your key out there. (That is why I also disable OneDrive… Windows by default backs up your BitLocker key to OneDrive.)

OpenKeychain is configured to not allow the system-wide backup service (which uses “end-to-end encryption” in newer Android versions anyway) to back up its app-specific data. See open-keychain/AndroidManifest.xml at 6f38af15828e07f0186109a89b7aa57f54101cfa · open-keychain/open-keychain · GitHub

If you’re worried about the NSA targeting you, you probably shouldn’t use email at all. Sending an email leaks plenty of information even when only the intended recipient is able to read the message body.

For regular people none of that is relevant. And K-9 Mail is an app for regular people.

1 Like
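The reply above points at an app's manifest as the place where backup of app data is switched off. One way to check that setting in a source (plain-text, not APK-compiled) `AndroidManifest.xml`, as an added example that is not part of the thread or of OpenKeychain's code; the function name `audit_backup`, the sample manifests and their package names are constructed for illustration:

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifests (not OpenKeychain's real file).
BACKUP_DISABLED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.keystore">
  <application android:allowBackup="false" android:label="Keystore"/>
</manifest>"""

BACKUP_DEFAULT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <application android:label="Notes"/>
</manifest>"""

BACKUP_RESOURCE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.mail">
  <application android:allowBackup="@bool/allow_backup"/>
</manifest>"""


def audit_backup(manifest_xml):
    """Return the backup-related settings of a source AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")

    def attr(name):
        return app.get("{%s}%s" % (ANDROID_NS, name))

    raw = attr("allowBackup")
    if raw is None:
        allow = True    # Android defaults to allowing backup when unset
    elif raw.startswith("@"):
        allow = None    # resource reference; resolve it in res/values
    else:
        allow = raw.strip().lower() == "true"
    return {
        "package": root.get("package"),
        "allow_backup": allow,
        "explicit": raw is not None,
        "full_backup_content": attr("fullBackupContent"),
        "data_extraction_rules": attr("dataExtractionRules"),
    }


if __name__ == "__main__":
    for sample in (BACKUP_DISABLED, BACKUP_DEFAULT, BACKUP_RESOURCE):
        print(audit_backup(sample))
```

An app that stores private keys and leaves `android:allowBackup` unset falls into the default case, so the absence of the attribute is the finding to look for.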

I’m keeping a strong 25+ hexadecimal password on my private keys just to be safe!

Folks, I don’t think the NSA is targeting me (at least not that I know of). If they were, they probably can access whatever they want regardless of my password credentials or my encryption or the 4th amendment. But I’d like to make things as difficult or as impossible as I can for anyone or anything trying to violate my inherent privacy rights.