How to encrypt files on Android for free with OpenKeyChain

At a glance:

• OpenKeyChain is a free, open‑source Android app that lets you encrypt and decrypt files using public‑key cryptography.
• The app supports QR‑code key exchange and can store encrypted files locally or on Google Drive with a .gpg extension.
• Encryption workflow requires creating a personal key pair, importing recipients' public keys, then using the Encrypt/Decrypt screen to process files.

What OpenKeyChain offers

OpenKeyChain brings desktop‑grade public‑key encryption to Android without a price tag. The app implements the OpenPGP standard, allowing users to generate a private/public key pair directly on their device. Because the keys never leave the phone unless you export them, the solution is well suited for users who take mobile security seriously. The interface is deliberately simple: a three‑dot menu opens a Manage my keys screen where you can create a new key pair with a wizard, import public keys, or delete existing ones.

Creating and managing keys

To start, open the Keys tab, tap the three‑dot menu in the upper‑right corner, and select Manage my keys. Press CREATE MY KEY and follow the step‑by‑step wizard, which asks for your name, email address, and a passphrase that protects the private key. Once the key pair is generated, it appears in the My Keys list. You can then import a recipient’s public key in two ways: if the other party also uses OpenKeyChain, you can scan the QR code displayed in their app; otherwise, you must obtain a .asc or .pgp file from them and import it via My Keys > + > Import from File.

Encrypting a file for yourself or others

After both your own key pair and the recipient’s public key are in place, navigate to the Encrypt/Decrypt screen via the three‑line menu. Tap Encrypt files, choose the key you want to encrypt to (your own for personal storage, or the recipient’s public key for sharing), and then press Add file(s) to locate the document on your device. Once selected, tap the tiny save icon, pick a folder, give the encrypted file a name, and confirm. The app saves the output with a .gpg extension. If you encrypt with your own key, the file can be stored on Google Drive; the public key remains on your phone, so the encrypted file stays unreadable to anyone who only accesses the Drive account.

Decrypting files on Android

Decrypting follows the same screen. Open Encrypt/Decrypt, tap Select input file under the Decrypt/Verify section, and browse to the .gpg file you wish to open. OpenKeyChain will prompt you for the passphrase associated with the private key that matches the file’s encryption. After entering the correct passphrase, the file is decrypted and can be opened with the appropriate Android app (e.g., a PDF viewer for documents). The process works whether the file originated on the same device or was received from another OpenKeyChain user.

Security considerations and best practices

Even though OpenKeyChain encrypts files robustly, the .gpg files are still visible in the file system. An attacker who gains physical access to the phone and knows the app is installed could locate these files, but without the private‑key passphrase they cannot decrypt the contents. To reduce the risk of accidental exposure, store encrypted files in less obvious directories and avoid naming them with obvious warnings. Additionally, always back up your private key securely—losing the passphrase means permanent loss of access to any files encrypted with that key pair.