Reference Guide


CipherMail for Android is an Android application which can be used with your existing Android mail application to send and receive S/MIME digitally signed and encrypted email with an Android smartphone.

CipherMail for Android does not provide functionality to retrieve email. An existing Android email application with attachment support, for example Gmail or K9, should be used to retrieve the encrypted attached smime.p7m message.

In order to get you going quickly, the software will create a self-signed certificate during the installation process and some of the default settings are setup to make it easier for end users to start encrypting email. Self-signed means that the certificate is not validated by a Certificate Authority. We advise you to install a proper certificate after installation of CipherMail for Android.


While CipherMail for Android tries to be intuitive, some prior knowledge of S/MIME is advised before using CipherMail for Android.


Ciphermail for Android has the following features:

  • Encryption and digital signing with S/MIME 3.1 (X.509, RFC 3280).

  • Can be used with the Android Gmail application.

  • Compatible with existing S/MIME clients (like Outlook, Lotus Notes, Thunderbird etc.)

  • Message body and attachments are encrypted.

  • HTML email support.

  • Certificates are automatically extracted from incoming email.

  • Certificate revocation lists (CRLs) are automatically downloaded (LDAP and HTTP).

  • Certificate trust lists (CTLs) can be used to black or white-list certificates.

  • External LDAP servers can be queried for new certificates.

  • Can generate self-signed certificates for a private-PKI.

Ciphermail for Android can be installed from the Android Play Store ( On first use, a configuration wizard will be started which will guide you through the required configuration steps.

When starting CipherMail for Android for the first time, a setup wizard will be started.

The wizard can be re-run from the settings page by selecting Setup wizard from the application menu.

Main screen

The CipherMail main screen contains the following items:

  • Compose message

  • Certificates & Keys

  • Root certificates

  • Certificate Revocation Lists

  • Certificate Trust lists

  • Search certificates

  • Settings

  • Send My Certificate

  • Open message

Main screen

Compose message

On the Compose message screen, a new message can be created and sent. Before a message can be created, the following prerequisites are required:

  • Account must be set.

  • The SMTP host must be set

  • The signing certificate must be set.


For looking up recipient email addresses, the contacts permission is required. If the contacts permission is denied, email addresses cannot be looked up and must be manually typed.


Signing the message

When the Sign checkbox is selected, the message will be digitally signed with your signing certificate. Because signing a message requires access to a private key, the key store password must be provided.

Encrypting the message

When the Encrypt checkbox is selected, the message will be encrypted with the certificates of the recipients. Only valid certificates with a matching email address (i.e., the certificate email address matches the recipients address), are used. The message will be encrypted with your personal certificate as well to make sure that you are able to open the sent email.

If a certificate for a recipient cannot be found in the Certificates & Keys store, a warning message will be shown asking whether the LDAP servers should be searched for any certificates.

Bcc to self

If Bcc to self checkbox is selected, a copy of the email will be sent to your email address.