12-21-17 12:19 PM
52 123
tools
  1. bbschorsch's Avatar
    Hey folks,

    I've been playing around with the PGP encryption for BES12 over the last days and I feel that BlackBerry as the self-proclaimed most secure platform should offer PGP encryption to all their users and not only BES12 customers

    Since we've seen many petition over several topics regarding the BlackBerry system and apps I believe BlackBerry needs to know that people would love to use PGP if BlackBerry would build it into the system and make it easy for everyone to use.

    From my point of view we don't need a website to host this petition - we use crackberry instead - by simply liking this discussion you can show your support - there is no easier way than kicking the like button.

    Background info

    The current situation of PGP on BlackBerry10

    to show that we are not talking about something impossible I'd like to point out that BES12 users are currently able to encrypt as well as decrypt and sign their work emails with PGP.
    I've tested it and it works quite good - only problem is searching for a key online doesn't work at all even though the system has the option.

    unfortunatly you are not able to create the PGP keys on the BlackBerry Devices itself.
    You need to use the PGP suite for mac or windows and transfer the private key over to your device and get it into the work side, which is quite difficult since you can't access the work site via BB link.

    What the future should bring

    Since you know that BlackBerry already has part of the needed system in place I don't understand why they don't bring it to all BlackBerry10 users.
    What we need is a simple way to create PGP keys on the go on BlackBerry10 - we need to be able to upload them to public server as well as being able to search for keys on those public servers.

    And lastly all BlackBerry10 users should have the ability to choose if they want to encrypt their mails via PGP or not.

    For the future I'd believe that it would be an awesome model to offer PGP encryption for BBM on a monthly subscript base like we have BBMprotected right now for the BES12 customers.

    BlackBerry should allow ALL USERS to choose their level of privacy and encryption!

    so if you believe in my idea and want to support it please like the discussion, comment on it and please share it

    PGP integration on BlackBerry 10 for all users-img_20150304_150638.jpg
    PGP integration on BlackBerry 10 for all users-img_20150304_153512-2.jpg
    PGP integration on BlackBerry 10 for all users-img_20150304_160208.jpg
    Last edited by bbschorsch; 03-04-15 at 10:27 AM.
    03-04-15 09:32 AM
  2. deltact's Avatar
    It may be extended to all in 10.3.2
    http://forums.crackberry.com/showthread.php?p=11404743


    Posted via CB10 on Passport.
    03-04-15 10:29 AM
  3. bbschorsch's Avatar
    that would be awesome but what is still needed is a way to create you key on the go with your BB
    Paul Callahan likes this.
    03-04-15 11:05 AM
  4. MeerMusik's Avatar
    The Reason for it not to be available for non-BES User right now is, that BlackBerry is still using the PGP Function as a Selling Point these days.

    Yes I know it is unbelievable that a BlackBerry Device (OS) which claims to be the most secure one, is not even offering Standard Features like Call Blocking, PGP, S/Mime and other.

    The PGP + S/Mime Functionality has been built in the OS since 10.0 and was activated in 10.1 - but only for BES.

    The Beta NDA is still in effect so the only thing I can say is: You are not alone. This is one of the Most-Wanted Features.

    Maybe 10.4 will finally bring it for all. Hopefully. I mean stranger things have happened.

    Via CB10 App. STL100-2 @ 10.3.1.2267
    bbschorsch likes this.
    03-04-15 11:32 AM
  5. bbschorsch's Avatar
    charge us more for buying the devices and give us more security out of the box

    or sell it as a security add on for 5$ like we had the BB option on the os7 devices . . .
    and give us BBM protected and PGP for it
    lasouthern likes this.
    03-04-15 12:12 PM
  6. Smitty13's Avatar
    Thank you, bbschorsch for the well written post and bringing more attention to this issue.

    I will admit, PGP key handling is not the feature most users are falling over themselves to have, but it should be. We have seen unprecedented shifts from various companies towards a security centric approach, so it has puzzled me as to why my BBOS phone was able to handle S/MIME without issue, yet this feature was intentionally crippled in BB10.

    With all due respect to the PGpgp app, which has done admirably in filling in the PGP gap for is BlackBerry 10 users, PGP capabilities should be baked right into the OS itself without the need for BES.

    MeerMusik is right. This is unfortunately a "premium" feature and selling point for BES right now. I do however believe that PGP will one day (relatively soon) be considered a norm and not the exception to email. With free services (E.g. ProtonMail) baking PGP key handling right into their software, it is my hope that PGP key usage will increase worldwide. I do believe BlackBerry could be playing an integral role in this by giving this feature, for free, to non-BES users.

    The protocol email was originally built upon was/is fundamentally not secure. When one adds PGP to email, you have essentially gone from delivering a post card to using an armoured truck delivering your message (if implemented properly).

    I think it is time for BlackBerry to step up to the plate and deliver this feature to all users.

    Posted via CB10
    bbschorsch likes this.
    03-04-15 03:53 PM
  7. gariac's Avatar
    If you search Crackberry, there is a solution using k9 mail. Not very pretty. Its is GPG.

    I agree that today, BlackBerry should just give non BES users encryption since Android already provides that.



    Posted via CB10
    Paul Callahan likes this.
    03-05-15 03:15 AM
  8. gariac's Avatar
    It may be extended to all in 10.3.2
    http://forums.crackberry.com/showthread.php?p=11404743


    Posted via CB10 on Passport.
    Tickerguy is the person that figured out how to put k9 mail on bb10 and then add gpg.


    Posted via CB10
    03-05-15 03:17 AM
  9. bbschorsch's Avatar
    K9 is a android port running inside the sandbox.
    This is what I call an insecure and user unfriendly version. Everyone who ever used PGP on BES knows how convenient using it can be. And that's what we need. Paired with checking the public servers instead of only using the symantec key servers...

    Posted via CB10
    03-05-15 10:04 AM
  10. Smitty13's Avatar
    K9 is a android port running inside the sandbox.
    This is what I call an insecure and user unfriendly version. Everyone who ever used PGP on BES knows how convenient using it can be. And that's what we need. Paired with checking the public servers instead of only using the symantec key servers...

    Posted via CB10
    I'd have to agree. After having used PGpgp (http://appworld.blackberry.com/webst...ntent/47148895) I would say that it is currently the best solution for non-BES BlackBerry 10 users. It is native, you can customize what key servers it pulls from, and is well worth the $2.99 in my opinion.

    Posted via CB10
    03-05-15 11:40 AM
  11. gariac's Avatar
    But that app isn't integrated into the email. Can you explain how it is used? The description sounded like cut and paste.

    Posted via CB10
    bbschorsch likes this.
    03-05-15 03:58 PM
  12. Smitty13's Avatar
    But that app isn't integrated into the email. Can you explain how it is used? The description sounded like cut and paste.

    Posted via CB10
    Hey there. You're right it isn't directly integrated into your email accounts. Essentially using this app you would compose your message directly within the app (under the Encryption tile) then select the public key you wish to encrypt the message for.

    At this point you have the option of hitting the "mail" button where it will directly export your PGP encrypted message to a new email screen (also where you can select your email account to send with). Conversely you can also hit the three dotted buttons in the lower right corner and hit "share" which can export your entire message to other applications, such as BBM if you were inclined to do so.

    Posted via CB10
    03-05-15 04:18 PM
  13. gariac's Avatar
    How about the reverse direction? That is get email on to the app to decrypt.

    The forward direction (sending encrypted text) sounds tolerable.

    Posted via CB10
    03-05-15 05:57 PM
  14. Smitty13's Avatar
    How about the reverse direction? That is get email on to the app to decrypt.

    The forward direction (sending encrypted text) sounds tolerable.

    Posted via CB10
    Hey, good question. The decryption is actually very tolerable too. Swipe down from the top of the app and go to Settings, enable the "Auto action from SHARE / OPEN".

    With this enabled you can now open your emails from the Hub as you always would, but now if you click the three dots button in the lower right corner, you'll see "Share PGpgp" which will import the received encrypted message into the app for decryption.

    While it is not perfect, I have found this system to not be very cumbersome. The developer is active in development so I expect to see more ease of use in the future.

    Posted via CB10
    03-05-15 06:12 PM
  15. gariac's Avatar
    OK. As long as it doesn't involve cut and paste, I guess it will be tolerable. I will put this on the TBD list.

    Posted via CB10
    03-05-15 10:40 PM
  16. bbschorsch's Avatar
    I just discovered that BlackBerry did not even put PGP into all their BES12 apps - it seems it's a BlackBerry10 only feature. . . pretty sad to see that
    03-09-15 09:44 PM
  17. Prem WatsApp's Avatar
    I just discovered that BlackBerry did not even put PGP into all their BES12 apps - it seems it's a BlackBerry10 only feature. . . pretty sad to see that
    So "no security" for AndriOS...? 8-o

      "Oh Classic, you are the fairest here so true. But Passport is a thousand times more powerful than you..." (no offense, Classic is a great device, when it's charged)  
    03-10-15 12:42 AM
  18. polytan02's Avatar
    Hello,

    This threads is really interesting to me as native PGP would be excellent on my Blackberry Passport (and other BB10 devices actually).

    Here is what I have managed to do, so far, but I think that Blackberry is actually blocking the last step, sadly. Otherwise I would have PGP support without BES12, nearly out of the box.

    A little bit of background first : I self-host my web services.
    For a few years, I wanted to be out of google and co and try to "contain" my privacy at best. No easy these days, especially that I still want to be connected.

    I have a VPS in Europe (2/months !) with Debian on it.
    On top of, I installed Yunohost layer (yunohost.org for the curious ones), which gives nearly out of the box :
    - Imap (for emails)
    - carddav (for contacts)
    - caldav (for calendars)
    - Other web app such as Owncloud (files sharing), Roundcube (webmail) and lots of other excellent web app.

    Recently, I have installed z-push, which is an ActiveSync php layer between imap+carddav+caldav and my Blackberry.

    Thanks to z-push, I can install in one go and very easily an account on a BB10 device.
    Great.
    And I get push notifications, which is even better.

    Since I'm running 10.3.2.2204 on my Passport, I noticed immediately the PGP extention in the parameters -> safety and in emails, but I've never been able to activate it.
    Since I have ActiveSync, I suppose my Blackberry believes it is a pro account with microsoft server and it now lets me activate PGP.

    I have installed openkeychain (OpenKeychain from F-Droid) and generated a new set of public/private keys.

    I saved this key on my phone and installed it on my phone via the parameters -> security -> PGP section. WORKING
    Then I grabbed a public key from a kind contact (he has a working PGP installation) and installed it in my Passport. WORKING

    Following this, we ran a few tests :
    - Signing an email from the Blackberry (apparently working)
    - Verifying a signed signature from the Blackberry (apprently working)
    - Crypting an email from the Blackberry (apparently working)

    When I say "apparently working", it means that the desktop software of my friend tells him it is actually signed or cryted.

    But I cannot uncrypt an email.

    I have to say, all of this is extrememy frustrating and I suppose that there is nothing missing for it to work. It is all there but Blackbery is blocking it in the system.

    I should try with a newer system as soon as I find one.

    Any thoughts on what I can do to try making this working ?
    Could someone using PGP and BES12 contact me in private for us to make a test by any chance ?

    Obviously, my self hosting server is small and simple tool, which suits me, for a private use. I cannot (and I don't want to) install a windows serveur+license with a ActiveSync server+licence with a BES12 serveur and Symantec crap on top of this
    ArchGalileu likes this.
    08-13-15 08:10 AM
  19. polytan02's Avatar
    I have done a test with a friend on Blackberry 10 too .... and it seems that native PGP works for us !

    The only thing is that we cannot decrypt emails coming from other people.... Quite limiting
    08-13-15 02:13 PM
  20. rthonpm's Avatar
    I have done a test with a friend on Blackberry 10 too .... and it seems that native PGP works for us !

    The only thing is that we cannot decrypt emails coming from other people.... Quite limiting
    You need to have the public key for any recipient you want to decrypt messages from. It's how Public Key Infrastructure works.

    Posted via CB10
    08-14-15 06:20 AM
  21. polytan02's Avatar
    I may have express myself wrongly : obviously yes, I do have other people public keys installed in my BlackBerry.

    What I was saying is that two BlackBerry can exchage and decrypt emails with PGP, but not with emails coming from outside a BlackBerry system (such as Android, thunderbird, etc)

    Posted via CB10
    08-17-15 01:43 PM
  22. sparkaction's Avatar
    Bb10 users can now choose to encrypt an email via pgp? This is done on an ad hoc basis?

    Does the bb10 automatically decrypt pgp encrypted emails so long as you have the proper key?

    Posted via CB10
    08-17-15 03:35 PM
  23. polytan02's Avatar
    Hi,

    My experience, so far, is the following :
    - you can use an Android app (openkeychain in my case) to generate your private key and get public keys for your contacts on public servers
    - or you can import keys exchanged by email (not very good practise for the private key...)
    - anybody can add pgp private and public key to their phone by going to parameters -> security -> pgp (I'm running 10.3.2.x)
    - if you have an ActiveSync account (whatever supplier apparently, mine is just a php frontend for standard imap+carddav+caldav), then you have an option available to use pgp in your email app
    - so far, I have been able to sign, crypt, check signature and decrypt emails with other BlackBerry 10 phones with pgp
    - so far I can only sign, crypt and check signature with people not having BlackBerry 10 , I cannot decrypt their messages even if I have their public key


    Posted via CB10
    08-17-15 04:00 PM
  24. ramirom's Avatar
    - so far I can only sign, crypt and check signature with people not having BlackBerry 10 , I cannot decrypt their messages even if I have their public key


    Posted via CB10
    i am no expert but i think you got it all wrong.

    you dont need someone public key to decrypt a message, the message comes encrypted to you, and only you with your private key can decrypt it.

    a public key is for encrypting a message for someone else to decrypt with their private key.
    08-17-15 07:46 PM
  25. polytan02's Avatar
    And you are correct, I don't need their public key for this.
    If anything, I would need it to check their signature.

    In any case, I cannot decrypt messages coming from something different than a BlackBerry phone (and using my public key to crypt)

    I can decrypt messages coming from a BlackBerry phone. It's actually quite nicely implemented, all smooth and nearly completely transparent for the user.

    Posted via CB10
    ramirom likes this.
    08-18-15 12:48 AM
52 123

Similar Threads

  1. New BlackBerry 10 Slider Rumored Spec's.
    By AtInsider in forum BlackBerry Priv
    Replies: 95
    Last Post: 06-10-15, 06:05 PM
  2. Why I have interest for the Leap
    By piquepoc in forum BlackBerry Leap
    Replies: 7
    Last Post: 03-05-15, 12:30 PM
  3. Replies: 3
    Last Post: 03-04-15, 02:37 PM
  4. Verify BlackBerry ID
    By Ayla Pnx in forum BlackBerry Z10
    Replies: 1
    Last Post: 03-04-15, 09:27 AM
  5. Gmail on Hub not pulling contacts properly
    By davefromcm in forum Ask a Question
    Replies: 0
    Last Post: 03-04-15, 08:55 AM
LINK TO POST COPIED TO CLIPBOARD