GrapheneOS does not include GPG by default, so you need to install a PGP app:
- Termux (For command-line PGP operations)
- OpenKeychain (Graphical PGP management)
- PGPainless (For XMPP-based encrypted messages)
If you prefer the command line, install GnuPG via Termux:
pkg update && pkg upgrade
pkg install gnupg
Then generate a key pair:
gpg --full-generate-key
Follow the prompts:
- Select RSA (default).
- Choose a key size (4096 recommended).
- Set an expiration date or choose "no expiration".
- Enter your name.
- Choose a strong passphrase.
If using OpenKeychain:
- Open OpenKeychain and go to Manage Keys.
- Click + Create Key.
- Enter your name and email.
- Set key strength (4096-bit RSA recommended).
- Save and back up your keys.
To list the keys in your keyring in Termux:
gpg --list-keys
In OpenKeychain:
- Go to Manage Keys to see all stored keys.
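To check existing keys against the choices made during key generation (RSA key size, expiration date), the machine-readable form of the listing, `gpg --list-keys --with-colons`, can be audited. This is an added example, not part of the original guide; the function names `audit_keys` and `sample_listing` and the sample key data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a key listing against the guide's recommendations.
# Input: output of `gpg --list-keys --with-colons` on stdin.
# Colon-format fields used on "pub" records:
#   2 = validity (e = expired, r = revoked), 3 = key length in bits,
#   4 = public-key algorithm (1 = RSA), 5 = key ID,
#   7 = expiration time in epoch seconds (empty = never expires).

audit_keys() {
    # $1 = reference time in epoch seconds (defaults to the current time)
    awk -F: -v now="${1:-$(date +%s)}" '
        $1 == "pub" {
            status = "OK"
            if ($2 == "r")
                status = "REVOKED"
            else if ($2 == "e" || ($7 != "" && ($7 + 0) <= (now + 0)))
                status = "EXPIRED"
            else if (($4 + 0) == 1 && ($3 + 0) < 4096)
                status = "WEAK-RSA-" $3      # below the recommended 4096 bits
            else if ($7 == "")
                status = "NO-EXPIRY"         # informational: key never expires
            print $5, status
        }'
}

# Constructed sample listing (key IDs, names and dates are made up).
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:AAAA000000000001:1700000000:1900000000::u:::scESC::::::23::0:
uid:u::::1700000000::0000::Alice Example <alice@example.org>::::::::::0:
pub:-:2048:1:BBBB000000000002:1500000000:::-:::scESC::::::23::0:
pub:e:4096:1:CCCC000000000003:1400000000:1600000000::-:::sc::::::23::0:
pub:-:4096:1:DDDD000000000004:1700000000:::-:::scESC::::::23::0:
pub:-:255:22:EEEE000000000005:1700000000:1900000000::-:::scESC:::::ed25519:::0:
EOF
}

# On the device: gpg --list-keys --with-colons | audit_keys
sample_listing | audit_keys 1750000000
```
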
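To export your public key (to share with others) and your private key (for backup) in Termux:
gpg --armor --export "Your Name" > public_key.asc
gpg --armor --export-secret-keys "Your Name" > private_key.asc
In OpenKeychain:
- Go to Manage Keys → Select Key → Click Share.
- Export the .asc file and transfer it securely.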
To import someone else's public key in Termux:
gpg --import public_key.asc
In OpenKeychain:
- Go to Manage Keys → Click Import Key.
- Select the key file and import it.
To encrypt a message for a recipient in Termux:
echo "Your secret message" | gpg --armor --encrypt --recipient "Recipient Name"
In OpenKeychain:
- Go to Encrypt Message.
- Select recipient’s public key.
- Type your message and encrypt.
To decrypt a message in Termux:
gpg --decrypt file.txt.asc
In OpenKeychain:
- Open OpenKeychain and go to Decrypt Message.
- Select the encrypted text or file.
- Enter your private key passphrase.
To sign a message in clear text, and to verify a signed file:
echo "Verified message" | gpg --clearsign
gpg --verify file.txt.asc
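To encrypt a file with a passphrase instead of a key pair (symmetric encryption), and to decrypt it again:
gpg --symmetric --cipher-algo AES256 file.tar.gz
gpg --output file.tar.gz --decrypt file.tar.gz.gpg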
To back up all public and private keys in your keyring:
gpg --export --armor > all-public-keys.asc
gpg --export-secret-keys --armor > all-private-keys.asc
To restore them from the backup files:
gpg --import all-public-keys.asc
gpg --import all-private-keys.asc
For encrypted messaging with PGP:
- Use Conversations + OpenKeychain for XMPP with PGP encryption.
- Use FairEmail for PGP-secured emails.
- Use Delta Chat for encrypted email-based chat.