Skip to main content
BusinessPrivate
LoginRegister now

Answers for companies

The Business Knowledge Base is already largely up to date. A few individual articles are currently being revised and adapted. We thank you for your understanding and look forward to providing you with up-to-date information on using mailbox.

Please note: The knowledge base has changed slightly. Categories have been adapted and URLs stored in the old knowledge base may no longer be valid.

PGP mail encryption

PGP key management

Note: To use the features described in this article, you must have the mailbox Guard enabled. The mailbox Guard is designed to work with your main email address. It is not intended to be used in combination with aliases.

The mailbox Guard provides an administration for your own PGP keys and the public PGP keys of your communication partners. You can find this administration in your mailbox Office under All Settings | mailbox Guard:

Once mailbox Guard is enabled, two pairs of keys will be created. The keys are then used automatically by the software such that users do not normally need to concern themselves with them.

  • The master key (first key pair) will be used to sign emails. It can also be used for certification of other keys (web of trust), but this feature is not implemented in mailbox Guard.
  • The secondary key will be used for encryption and decryption of emails and files in Drive.

The PGP keys that have been generated on our server can be downloaded from the key management section. This is useful if you have a local PGP installation on your PC or mobile phone and would like to set up a mail client on these devices that uses the same keys. This will enable parallel access to your encrypted email both via Webmail and through your local email programs.

Import your own, existing PGP keys

You may replace the automatically created PGP keys on our server with your own. Note that any custom keys need to state your primary mailbox email address as UID. Users with critical security requirements should consider not uploading their private PGP key to our server but only the public key.

Please note: You must have a valid private key in place on the server in order to be able to read encrypted emails in the browser or open encrypted files on Drive.

Public keys of communication partners

You may also add the public keys you received from your communication partners here. Click on the “+” symbol in the public keys section to upload a public key.

Additionally, you may manage the public keys of your communication partners within the address book. Open the address book entry and upload a public key by clicking on the “+” symbol in the public keys list.

Supported maximum size of key files

Note: The file size of any public PGP keys uploaded to mailbox must not exceed 65 kilobytes, which is sufficient for most keys. However, if a key contains image data or very many signatures, the file may be larger, and this will likely cause upload problems.

To reduce the file size of an oversized key, open the file locally with the GnuPG key management tool and export a leaner version as follows:

gpg --armor --export-options export-minimal --export <yourKeyID> > yourFileName.asc

If you don’t have GnuPG available locally to export the key like this, please ask your communication partner to provide a smaller key file.

  • LinkedIn icon
  • Mastodon icon
  • Bluesky icon
  • RSS icon

Heinlein Gruppe