Posted 6 months, 2 weeks ago
p≡p security has introduced five major improvements to new versionsof the p≡p applications for Android and Outlook; the biggest change is KeyImport, which allows the easy and safe import of existing keys from p≡p applications and OpenPGP-based applications. Additionally, p≡p for Outlook now also includes the option of attaching a disclaimer to encrypted messages as well as using Force Protection to force encryption for receivers. p≡p for Outlook and p≡p for Android also add a feature to passive mode, and p≡p for Android has the newer Material Design from Google.
KeyImport (p≡p for Android and p≡p for Outlook)
KeyImport is designed for p≡p users who exactly know from which device they would like to import a private key. One possible solution is to install p≡p for Android out of the Google Play Store or F-Droid, and then take the existing keys from a desktop device. The transmission of these secret keys works through the common email channel of both devices – though in a secured manner: first keys are automatically negotiated, and users are asked to check Trustwords on both devices to authenticate the process. Only when a secure channel has been established will the actual secret keys be transmitted. Within p≡p, KeyImport is particularly simple: This is currently possible via the installation of Android-Android, Android-Outlook, and Outlook-Outlook client pairs.
Force Protection (p≡p for Outlook)
Business circles have requested a mechanism to ensure that end-to-end protection is enabled in the first message that is sent. Should a message be sent to an address for which no public key exists, the sender can ask the receiver to install p≡p for Outlook. Alternatively, the receiver is asked to download and install the free p≡p reader, allowing him or her to simply read the encrypted message. In both cases the force-encrypted message can be read after establishing trust with the sender.
Encrypted Disclaimer (p≡p for Outlook)
It is often customary in organizations for employees to attach certain information as signatures or disclaimers at the end of emails. In most cases, this is only added after the message has been sent, in other words only after the message has been encrypted by the p≡p add-in. The new version of p≡p for Outlook supports the organization-wide sending of encrypted disclaimers.
Material Design (p≡p for Android)
In newer versions, the user interface has been completely replaced with Google's Material Design, providing a look and feel similar to current Android apps.
Passive Mode (p≡p for Android and p≡p for Outlook)
Some organizations prefer to not actively attach public key material to all outgoing emails. When passive mode is enabled, public key material will only be attached to a message if p≡p detects that the recipient is also using p≡p.
KeyImport for Enigmail/p≡p is currently still in development. Private keys can still be manually imported from other devices via a workaround in Enigmail. On the other hand, it is already possible to import keys from Enigmail in a p≡p for Android or p≡p for Outlook installation via KeyImport.
p≡p for iOS is now running stably after around two years of development and internal testing, and is about to be released. One version has already been delivered to Apple's App Store for testing. Anyone who would like to take part in final beta testing can email firstname.lastname@example.org.
p≡p sync, which allows for a simple, automatic, and secure synchronization of secret key material between multiple devices, has recently been implemented in a new version of the p≡p engine, and is also now in the testing phase. The applications, including the Enigmail add-ons for Thunderbird (with Enigmail/p≡p-mode), have already been prepared for p≡p sync, so that p≡p sync can be activated on all platforms once testing has been successfully completed. This will make it possible for anyone to read and send encrypted messages transparently on several devices in a user-friendly manner.