Utimaco u.trust LAN Crypt for Android - Help

What is Utimaco u.trust LAN Crypt for Android?

Utimaco u.trust LAN Crypt for Android enables users to work with their encrypted data remotely, by using their mobile devices, such as smartphones or tablets.

With transparent file encryption on Windows / macOS, Utimaco u.trust LAN Crypt enables the secure exchange of confidential data within authorization groups in small, medium and large organizations. Numerous companies, business organizations and public administrations in Germany and worldwide already rely on Utimaco u.trust LAN Crypt.

A Security Officer (SO) centrally determines which files and storage locations should be protected by Utimaco u.trust LAN Crypt and defines which users are allowed to access specific data by setting one or several encryption rules. For example, the Security Officer (SO) can ensure that all Word documents in a specific file storage path are encrypted by creating an encryption rule on the defined path, e.g. "\\Servername\Files\*.docx". As soon as this rule is transferred to the client computer via a policy file created with the Utimaco u.trust LAN Crypt Administration console, all Word documents in this path will be encrypted. Additionally, you can combine one or more encryption rules into one encryption profile.

This applies to all files, regardless of where they are stored. You can access all Utimaco u.trust LAN Crypt encrypted files, whether they are stored locally, on network storage or on remote storage (e.g. cloud storage). A user can easily access the same Utimaco u.trust LAN Crypt encrypted files that are also available on his workstation computer.

This second release of Utimaco u.trust LAN Crypt for Android allows the user to access encrypted files and to open, edit and save them. Moreover, it extends the usual Utimaco u.trust LAN Crypt security infrastructure by using certificates (.p12 files) and policy files (.xml.bz2) on mobile devices.

Utimaco u.trust LAN Crypt for Android version 2.0 supports Android 11 / 10 / 9 / 8.

Utimaco u.trust LAN Crypt for Android is currently available in German and English.

Which Android Versions are supported by u.trust LAN Crypt?

Supported encryption algorithms for file encryption

u.trust LAN Crypt supports the following encryption algorithms:

  • AES-256 Bit (XTS-Mode)
  • AES-256 Bit (CBC-Mode)
  • AES-128 Bit (XTS-Mode)
  • AES-128 Bit (CBC-Mode)

Supported encryption algorithms for Key-Wrapping

u.trust LAN Crypt supports the following encryption algorithms for Key-Wrapping:

  • AES-256
  • AES-192
  • AES-128
  • 3DES
  • DES
  • RC4

Note: With Key-Wrapping (default setting), the transport key of the Security Officer data and the user profile data will be encrypted with a randomly generated session key using the selected algorithm (AES is used by default). This key in turn is RSA-encrypted using the public key from the certificate.

Note: In contrast to Utimaco u.trust LAN Crypt for Windows, the algorithm "RC2" is not supported by u.trust LAN Crypt. If the Key-Wrapping for your policy file is set to this algorithm, the policy file cannot be used with u.trust LAN Crypt. In that case, you have to change the Key-Wrapping encryption algorithm and choose an algorithm that is supported (e.g., AES-128).

Note: If you are using a security token, please make sure that the middleware you are using also supports the selected Key-Wrapping encryption algorithm. You might need to update the middleware.

General Preparations

For security reasons, always activate the screen lock on your Android device before using this app. You cannot run u.trust LAN Crypt without an activated screen lock. Never use an easy-to-guess password, such as "1234" or "password". Only with a strong password can you prevent unauthorized access to your confidential data in case your device is lost or stolen. In general, Utimaco recommends deleting all App-Data on your Android device if the device is not in use for a longer period of time, or if you exchange your device for a new one (see Delete App-Data).

Note: If you deactivate the screen lock later, u.trust LAN Crypt deletes the certificate and the private key file from the certificate storage of your Android device.

Note: Rooted devices are not supported by u.trust LAN Crypt.



Tap the gear icon at the bottom of the app to open the settings. The settings are divided into the following sections:


What are Utimaco u.trust LAN Crypt Policy files?

A Security Officer (SO) centrally determines which files and storage locations should be protected by Utimaco u.trust LAN Crypt and defines which users are allowed to access specific data by setting one or several encryption rules. Each individual encryption rule consists of an encryption path, a key and an encryption algorithm. Utimaco u.trust LAN Crypt policy files contain all encryption rules that the user requires in order to work with encrypted data. To be able to use the policy file, the user needs a certificate, which will be provided to him/her as a key file (.p12 file) by the Utimaco u.trust LAN Crypt Security Officer. The key file contains the certificate and the private key of the user. Access to the key file is secured by a password. The user will receive the password from his/her Security Officer.

Before importing the policy file and the key file to the mobile device, both files have to be copied to a location that is accessible by the mobile device. This can be a private folder on OneDrive or a network share. Alternatively, you can copy the key file directly to the storage of the mobile device, by connecting it to the PC via USB or Bluetooth.

Import your policy file

Open the u.trust LAN Crypt App on your mobile device. Tap the gear icon at the bottom of the app to open the settings. Click the IMPORT button on the Import Utimaco u.trust LAN Crypt policy screen and select the location that contains the policy file. Select the policy file. The policy file will be imported into your mobile device.

Import your certificate (.p12 file)

Open the u.trust LAN Crypt App on your mobile device. Tap the gear icon at the bottom of the app to open the settings. In the selection box, click the IMPORT button on the Import user Certificate screen and choose the location that contains the certificate key file (.p12 file). Tap the certificate key file (.p12), which is indicated by a fingerprint icon. In the dialog box, enter the password of your certificate that you received from your Security Officer. Once you have entered the correct password, the certificate and the corresponding private key will be saved to the storage of your Android device.

Note: u.trust LAN Crypt 2.0 also supports referencing multiple user certificates in the policy file. In order to be able to use the policy file, the user must have at least one of the certificates that have been issued to him and whose public key is used to encrypt the policy file, and of course he must also have imported it.
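
The Key-Wrapping note and the note on multiple user certificates describe a hybrid scheme: a random session key encrypts the data, and that session key is RSA-encrypted with the public key from a certificate. The following shell script is an added example of that scheme using the openssl command line; it is not Utimaco code and does not reproduce the policy file format. The identities (alice, bob, mallory), the payload, CBC mode, OAEP padding and wrapping the session key once per certificate are assumptions of the example.

```shell
#!/bin/sh
# Added illustration, not Utimaco code. Needs the openssl CLI.
# Names (alice, bob, mallory) and the payload are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate + private key, standing in for a user's .p12 contents.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.cer" 2>/dev/null
}

# protect FILE NAME...: AES-256-CBC under a random session key, then wrap the
# session key with the RSA public key from each named certificate.
protect() {
    file=$1; shift
    key=$(openssl rand -hex 32)          # session key, hex-encoded
    openssl rand -hex 16 > "$file.iv"
    openssl enc -aes-256-cbc -K "$key" -iv "$(cat "$file.iv")" \
        -in "$file" -out "$file.enc"
    for name in "$@"; do
        # OAEP padding is this example's choice; the page does not name one.
        printf '%s' "$key" | openssl pkeyutl -encrypt -certin \
            -inkey "$WORK/$name.cer" -pkeyopt rsa_padding_mode:oaep \
            -out "$file.wrap.$name"
    done
}

# recover FILE WRAPPED_FOR KEY_OF: unwrap the session key that was wrapped for
# WRAPPED_FOR using KEY_OF's private key, then decrypt. Fails on a mismatch.
recover() {
    key=$(openssl pkeyutl -decrypt -inkey "$WORK/$3.key" \
        -pkeyopt rsa_padding_mode:oaep -in "$1.wrap.$2" 2>/dev/null) || return 1
    openssl enc -d -aes-256-cbc -K "$key" -iv "$(cat "$1.iv")" -in "$1.enc"
}

for n in alice bob mallory; do make_identity "$n"; done
printf 'constructed profile data' > "$WORK/profile.bin"
protect "$WORK/profile.bin" alice bob

recover "$WORK/profile.bin" alice alice && echo " <- alice: ok"
recover "$WORK/profile.bin" bob bob && echo " <- bob: ok"
recover "$WORK/profile.bin" alice mallory || echo "mallory: unwrap failed"
```

Either of the two listed private keys recovers the data, while a private key whose certificate was not used for wrapping cannot recover the session key.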

Select the default encryption key

If you want to encrypt new files with u.trust LAN Crypt, you must select a default encryption key first.

Open the u.trust LAN Crypt App on your mobile device. Tap the gear icon at the bottom of the app to open the settings. There, tap on the Select default encryption key option. All encryption keys available to you are listed in the right window. There, tap on the key that you want to use as the default encryption key. When you encrypt new files, those files are then encrypted with this key.

Note: You can change the default encryption key at any time. New files that you want to encrypt will always be encrypted with the selected default encryption key.

Rolling out policy files and certificates using MDM

In addition to the app, you can use a Mobile Device Management (MDM) solution to import the individual configurations (policy files and certificates) and make the configuration data available to the users. If you don't have a Mobile Device Management (MDM) solution, the configuration data (policy file and certificate) must be imported manually by each user, as described in the Import your certificate section of this document.

Note: If u.trust LAN Crypt is rolled out via MDM, the security officer's public certificate (.cer), which was used to sign the policy file, can also be provided on the mobile device in addition to the policy and user certificate. In this case, policy files imported manually by the user are also checked by validating the signature of the Security Officer certificate.

Deleting App Data / resetting u.trust LAN Crypt

Resetting u.trust LAN Crypt

In u.trust LAN Crypt, select the option Delete App-Data in the app settings. This will delete all data stored in the u.trust LAN Crypt app, including the policy file, the user certificate and the private key. u.trust LAN Crypt will then be reset to factory defaults.

Working with encrypted data

u.trust LAN Crypt enables you to access files stored on the device itself (local memory and also data stored on the inserted memory card), on network shares or in the cloud (e.g. on OneDrive or Google Drive). File access via u.trust LAN Crypt can be done directly or via the "Storage Access Framework (SAF)" for Android. SAF allows the use of remote access provided by other apps installed on the same device. For example, the Utimaco u.trust LAN Crypt app can access the user's data on OneDrive if the OneDrive app is installed. Similarly, access to Google Drive is provided if the associated app is installed on the mobile device, etc.

How to access encrypted data?

As already described in part, files on a mobile device can be accessed in various ways. This can be done via a native file browser app, a proprietary app for cloud storage (such as OneDrive) or, starting with this version, also from within the u.trust LAN Crypt File app. The first release of u.trust LAN Crypt already supports the first two access methods. u.trust LAN Crypt 2.0 now contains its own integrated file explorer. This means that (encrypted) files located on a local storage location, in a Windows share or on OneDrive's cloud storage can now also be accessed directly via the dashboard. You can also use the file explorer to see the encryption status of the files displayed there. If a file is marked with a green key symbol, it means that the file is encrypted and that you have the necessary key to open and edit this file. A red key symbol, on the other hand, means that the file is encrypted by Utimaco u.trust LAN Crypt, but you do not have the key required to open or edit this file.

Open files via the Utimaco u.trust LAN Crypt app, edit them and save them encrypted

To edit files, you can also load them directly from the Utimaco u.trust LAN Crypt app into any other app via the Open context menu. You can then edit the files. When you save them, they are then automatically encrypted by u.trust LAN Crypt.

Note: For editing Office documents, Utimaco recommends using the open source and free app "Collabora Office". This is based on LibreOffice, which is one of the best-known and most popular open source office applications worldwide.

To open an encrypted file, tap on Open file. In the file browser go to the location that contains the encrypted file you want to view. Tap the encrypted file and choose which app you want to use to open the encrypted file (e.g., Collabora Office). The file will be opened in the chosen application and displayed in a decrypted state. The file itself will remain encrypted at all times in the source location. All encryption and decryption steps take place on the Android device directly.



Logging functionality

u.trust LAN Crypt has a Verbose Logging feature. The usage of this feature is only intended for error analysis and should only be activated if you encounter any errors or problems with the u.trust LAN Crypt app.

Verbose Logging

The Verbose Logging feature can be activated or deactivated at any time in the settings of the u.trust LAN Crypt app. To activate Verbose Logging, open u.trust LAN Crypt on your device. Tap the gear icon at the bottom of the app to open the settings. Activate Verbose Logging by moving its slider to the right. The logging feature will be displayed as activated (red color). Then take the necessary steps to reproduce the error so that the log files are created.

Send logs feature

By using the Send Logs feature you can send the log files for analysis purposes to the Utimaco support team by email. To send the log files, tap the Send Logs button and open the app that you use for email communication. The log files will be attached and you can send them to support@utimaco.com.

To disable the Verbose Logging feature, move the slide button back to the left.

Technical Support

To access technical support for Utimaco products do the following:

All maintenance contract customers can access further information and/or knowledge base items at the following link https://support.hsm.utimaco.com/home

As a maintenance contract customer, send an email to technical support using the support@utimaco.com email address and let us know the exact version number, operating system and patch level of your Utimaco software and, if applicable, a detailed description of any error messages you receive or applicable knowledge base items.
