Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


This software system allows you to decrypt and sign your e-mails with your smartphone instead of using a contactless smartcard. The smartphone communicates with your PC via NFC (as a contactless smartcard would).

Alt text

The associated bachelor's thesis can be found here:

Warning: This is just proof-of-concept code and should NOT be used in production environments

Tested platforms:

  • Android 4.4 Kitkat on Nexus 5
  • Android 4.4 Kitkat on LG G2 Mini

The Android app only works on Android 4.4 Kitkat and higher.


Build status on Travis CI: Build Status

To create this app, eclipse was used.

To use the app, build it using the makefile in the following way:


I used adt-bundle-linux-x86-20131030 as SDK. The OS on which I build the app is Debian Jessie (32 Bit).


Executing the command

make Android-install

will install the app on your smartphone. Make sure it is connected to your PC and USB debugging is enabled!


For usage, see page 48 and following of the bachelor's thesis.

To get a certificate onto the smartphone, you may use the Makefile.

This will create the PKCS15 files on the smartphone:

make create-pkcs15-files

This will generate a 2048 Bit RSA Key on the smartphone:

make generate-key

This will show you the slot id, which you might need for the next step if it is not 01:

make show-slot-and-id

This will create a Certificate Signing Request. You may specify the information for the distinguished name and the slot, if necessary:

make create-csr

So in the end you could do something like:

make create-csr SLOT=02 COMMON_NAME="Erik Nellessen" EMAIL_ADDRESS=mysecretemail@doesnt.exist

You can have a look at the CSR by executing:

make show-csr

Now you need to sign the certificate signing request with a CA. The Makefile target creates a demo CA using openssl. After that, it signs the certificate. You may specify the path to your openssl.cnf in the OPENSSL_CONF environment variable.

make get-cert

The last step is to store the certificate on the smartphone:

make store-certificate

Now you can configure Thunderbird/Icedove as described in the bachelor's thesis on page 51 and start decrypting/signing e-mails!

Have fun!


No description, website, or topics provided.



No releases published


No packages published