Confirm you have the recipient\'s key.
Open PGPony and verify the recipient\'s public key is in your keyring. If not, import it first — from a key file they sent you, from a keyserver, or via whatever channel you have their key available.
// guide / send-encrypted-email
How to send an encrypted email from your phone.
Three minutes from a blank compose window to an encrypted email in the recipient\'s inbox. Works with any email app — Gmail, Apple Mail, Outlook, ProtonMail, iCloud Mail — via a copy-paste flow that doesn\'t need any plugin or special configuration.
// at a glance
- Recipient\'s public key in your keyring
- Compose body in mail app
- Copy body, switch to PGPony
- Encrypt + sign with recipient\'s key
- Copy ciphertext back into email
- Send
Prerequisites
- PGPony installed with your own PGP key
- The recipient\'s public key already imported into PGPony
- Your email app (Gmail, Apple Mail, Outlook, etc.) configured with your account
Compose the email.
Write the email body in your mail app — Gmail, Apple Mail, Outlook, ProtonMail, anything. Fill in To, Subject, and Body as normal. Do not send yet.
Heads up
The Subject line is not encrypted by PGP-over-email. Use a generic subject
like "Encrypted message" or topical-but-vague text. Detailed subjects leak content to mail
providers and anyone with metadata-layer access.
Copy the body.
Select all the body text and copy. PGP encrypts plain text — formatting will be lost in the encrypt round-trip, so don\'t worry about preserving rich text.
Switch to PGPony, paste, run encrypt.
Open PGPony and switch to the Encrypt tab. Confirm the Mode picker is set to Text. Tap Paste to drop your copied message body into the input field. Tap into Select Recipients and choose the recipient's public key (you can pick multiple recipients if Cc'ing). The signing toggle is on by default — leaving it on means the recipient can verify the message came from you. Tap Sign & Encrypt (or Encrypt Without Signing for confidentiality-only). Signing unlocks your secret key, so you'll be prompted for biometric or passphrase.
PGPony produces a PGP-armored block beginning with
-----BEGIN PGP MESSAGE-----.
Copy the ciphertext, paste back into email.
Copy the encrypted output. Switch back to your mail app on the same unsent compose window. Select all in the body, paste the encrypted block — replacing your plaintext entirely.
The email body now contains the PGP-armored ciphertext from
-----BEGIN PGP MESSAGE----- to -----END PGP MESSAGE-----.
Send.
Hit Send. The email leaves your mail app, traverses normal email infrastructure (SMTP → recipient\'s mail provider → recipient\'s inbox). The body is unreadable to anyone in the chain except the recipient.
On the recipient\'s side, their PGP tool detects the block, asks for their passphrase, and decrypts the plaintext.
Verify it worked.
- The Sent folder shows the PGP block as the body, not your plaintext.
- The recipient confirms successful decryption on their side.
- If you signed, the signature verifies against your fingerprint on the recipient\'s end.
Common questions.
Does the recipient need PGPony?
No. Any OpenPGP tool — GnuPG, GPG Suite, Mailvelope, OpenKeychain, FlowCrypt, iPGMail, PGPony, or others. The OpenPGP standard is the interop contract.
Is the subject encrypted?
No. Only the body. Subjects, sender, recipient, timestamps stay visible to mail providers. For metadata-sensitive use, Signal or a transport with sealed-sender semantics is a better fit.
Should I sign as well as encrypt?
Yes — the standard recommendation. Signing adds your verifiable signature on top of encryption so the recipient knows the content is both confidential and came from you specifically.
Works with Gmail?
Yes. The copy-paste flow is mail-app-agnostic. Works in the Gmail mobile app like in any other client.
What about attachments?
Encrypt attachments separately (see the file-encryption guide) and attach the resulting .pgp files. Body can be plaintext or separately encrypted.
Next steps.
Get PGPony
Free OpenPGP encryption for iOS and Android. No accounts, no tracking.