Somebody asked me today for a response to the following comment which they had read:
“Never store your private PGP key on your mobile phone. In other words, do not encrypt/decrypt work emails on your smartphone. Rationale: Mobile phones are inherently insecure because the baseband processor on your phone always has potential access to your data.”
This was shortly after I’d mentioned that I use PGP on my phone. Well, it might surprise you to learn that on Android at least, you can use PGP without giving the phone access to your keys.
A little known fact about the Yubikey Neo is that you can transfer your PGP subkeys to it and use it as a smartcard. The Neo (not the Neo-N) also has NFC support. If you combine this with an Android phone which supports NFC, the Android OpenPGP manager OpenKeychain, and the Android email client K-9 Mail, you get yourself a setup which allows you to decrypt/sign mail on your phone without your phone ever having access to your keys.
When I attempt to sign or decrypt an email in K-9 Mail, it hands me off to OpenKeychain, which pops up a message asking me for my Yubikey Neo smartcard pin code. I enter the pin code and it then asks me to hold the Yubikey to the NFC sensor. At this point, the phone powers and communicates with the Yubikey using magnetic induction. It sends the pin code and the material to decrypt/sign, the Yubikey then decrypts/signs it on-board (assuming the pin code was correct), and sends the result back to the phone. OpenKeychain then hands this information back to K-9 Mail where it is displayed/sent.
This process may sound a bit convoluted, but it’s not so bad. You can configure OpenKeychain to cache the pin code so at least you don’t have to enter that each time. Then it’s just a case of holding the Yubikey up to the back of the phone for 1-2 seconds each time you want to perform a PGP operation. Here’s a quick video I made up demonstrating the process on my OnePlus One:
No matter how compromised my phone is, it can’t get access to my PGP keys. Of course, if my phone is compromised and I decrypt a message on it, the attacker can access the plain text at that point.