Note: The mailbox.org Guard is designed to work with your main email address. It is not intended to be used in combination with aliases.
When you activate the Guard, a PGP key pair is automatically generated for you. A key pair consists of a public key (for encryption) and a private key (for decryption). Access to your private key is secured with the entered password, which does not have to be the same as the login password. Thus mailbox.org-Guard is already fully functional.
In the key management (under "Settings -> mailbox.org Guard security -> Advanced settings") you can download the keys (pairs) generated on our server and - if available - import them into your local PGP installation or your local mail client. This allows you to access the encrypted e-mails in the web client as well as in the mail client.
If you have your Guard deactivated by support in the future (e.g. if you have forgotten the Guard password), the PGP keys stored in the Guard will also be deleted when you deactivate it. To still be able to access your encrypted e-mails and data in this case, it is necessary that you store a backup of the key pair in a secure location (e.g. locally, in an encrypted container).
Note: if you reset the mailbox.org-Guard, it will not deactivate your existing inbox encryption.
In this case, make sure that you are still in possession of the corresponding private key!
To activate the Guard, open the mailbox.org office and click on your initials in the upper right corner. Select "Settings" in the following menu. Now select "Security" - mailbox.org Guard and click on "Start":
Now set your guard password:
Attention: the password set here is NOT your login password. It cannot be reset in case of loss! It therefore makes sense to secure the generated keys afterwards.
If everything worked as expected, you should see the following window:
Now you have several options:
- All e-mails you send are encrypted by default. If no key is available for the recipient, a guest mailbox is created for this recipient and a corresponding e-mail is sent.
- All e-mails sent are signed with your personal key. The recipient can check the signature for authenticity.
- PGP Inline is the "old" way of encrypting e-mails using PGP. More modern is PGP-Mime. Only check this box if recipients have problems with decryption.
- Here you can set how often the Guard password should be queried.
- Here you can change the password for the Guard. You need the previous password.
- Here you have the possibility to download your keys. Secure your private key and keep it in a safe place. If you forget your Guard password, we only can delete your Guard completely. If you do not have a copy of your private key, you can no longer decrypt messages that have already been encrypted then. This also applies to encrypted data in the drive. To download the private key, click on "Your keys" and then on the download icon.
Attention: we do not have a plain text copy of your key and password!
If you forget the key password you have chosen or completely delete the key you have used and do not keep a backup copy, all encrypted e-mails or files will be irretrievably lost!
We can't help you in this case either! A password reset for the key or a recovery of encrypted e-mails or files is unfortunately not possible.
Usage of own PGP keys
If you already use a PGP key pair for your mailbox.org address, you can upload this key pair in the key management and use it to replace the keys generated by the Guard during initialization. You can also decide whether to upload only the public key to make it available to other Guard users, or also upload your private key. To be able to read your encrypted e-mails in the Web client, your private key must have been uploaded by the Guard.
Attention: if you want to use your own PGP key in the Guard, this key must contain your main mail address at mailbox.org as user ID. You can find more information about uploading your own keys in our FAQ.