I’m new to this and not sure if this is normal behavior, but when I send an encrypted email using K-9 email (for Android), K-9 requires my password for my OpenPGP encryption key stored on OpenKeychain. K-9 will ‘remember’ the password with one of these three options: “until screen off”, “for one hour”, “for one day”, or “until cleared”.
Is this normal behavior for K-9 to require the password be entered each and every time an encrypted email is sent with K-9?
Hopefully I’m describing this correctly. I just would like to know if I am supposed to enter my OpenPGP credentials each time an encrypted email is sent using K-9 email. Thanks!
Your key requires a password, therefore you need to provide it.
If you don’t like that, you could remove the password on a desktop or notebook and reimport the now passwordless key… DO NOT DO THAT. It compromises your security.
Thanks all. So, to summarize, it is normal and expected behavior for the OpenKeychain app and K-9 app to require password credentials when sending an encrypted email. Do I have this correct?
Yes, if your OpenPGP key is protected by a password, then this is expected behavior.
Whether or not you protect your key with a password is your choice. You could remove the password from the key and then you won’t be asked for a password when sending encrypted messages.
Not protecting the key using a separate password means the key is only as safe as your Android device. If the device is encrypted (all modern Android versions have encryption enabled by default), you have a strong lock screen password, and the device isn’t stolen while it is unlocked, your key should be safe even without an additional password protecting it.
However, if your device is set up to back up apps and their data to the cloud (Google Drive, …), your password-less key is out there.
The NSA and others have backdoor access to all cloud data stored in the US. Good luck with your encrypted emails with your key out there. (That is why I also disable OneDrive… Windows by default backs up your BitLocker key to OneDrive.)
If you’re worried about the NSA targeting you, you probably shouldn’t use email at all. Sending an email leaks plenty of information even when only the intended recipient is able to read the message body.
For regular people none of that is relevant. And K-9 Mail is an app for regular people.
Folks, I don’t think the NSA is targeting me (at least not that I know of). If they were, they probably can access whatever they want regardless of my password credentials or my encryption or the 4th amendment. But I’d like to make things as difficult or as impossible as I can for anyone or anything trying to violate my inherent privacy rights.