Managing PGP keys

  • Note: To use the features described in this article, you must have the mailbox Guard activated.

Important: The mailbox Guard is designed to work with your primary email address. Use in combination with aliases is not intended.

The mailbox Guard manages your own PGP keys as well as the public PGP keys of your communication partners. In your mailbox Office, you will find the key management under Settings | mailbox Guard Security | Guard PGP Settings.

When activating Guard, two key pairs for your primary address are automatically generated. This means the mailbox Guard is already fully functional. If you are interested in the details, you will find the two automatically generated key pairs in the key management:

  1. The main key (the upper key in the section Your key list) is used for signing emails. It can also be used for certifying or signing other PGP keys (Web of Trust) – however, this function is not yet implemented in the mailbox Guard.
  2. The subkey is used for encrypting and decrypting email communication and files in Drive.

In the key management, you can download the keys (or key pairs) generated on our server and, if desired, import them into your local PGP installation or local mail client. This way, you can access encrypted emails both in the web client and in your local mail client.

Use your own keys

You can also replace the automatically generated keys with your own existing key pair. This key pair must include at least your active mailbox email address as UID. You can decide whether you want to upload only a public key (to make it available to other Guard users) or also store the private key on our server, in order to read encrypted content in the web interface.

Important: Reading encrypted emails in the web interface and opening encrypted files in Drive is only possible if the corresponding valid private key is available on the server.

Public keys of communication partners

In the key management, you can also manage the keyring with the public keys of your communication partners. You can find the list under Settings | mailbox Guard Security | Guard PGP Settings | List of public PGP keys. With a click on the + symbol, you can upload additional public keys (e.g. as .pgp or .asc file).

You can also manage the keys of your communication partners in the address book. For each entry in the address book, you can upload the associated PGP keys. To do this, open a contact in your mailbox Office address book. To add a new PGP key to this contact, click on the + symbol in the List of public PGP keys in the right-hand window and then select the corresponding file.

Uploading keys – maximum file size

Important: You can upload public keys with a maximum size of 65k. This is sufficient for most keys. If the key contains photos or many signatures and is larger than 65k, error messages may occur during upload.

To reduce oversized keys, you can import them into your local key management with GnuPG and then export them for upload using the option --export-options export-minimal:

gpg2 --armor --export-options export-minimal --export <your-key-ID> > key4upload.asc

If you do not have or do not want to use a local installation of GnuPG, you must ask your communication partner to provide such a minimal key.
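
To see why a key file exceeds the upload limit before you try to upload it, the following added example (not part of the original article or of the mailbox Guard) parses an exported key and totals the bytes per OpenPGP packet type. It assumes "65k" means 65,000 bytes; the names `dearmor`, `packets` and `report` are chosen for this example, and the `SMALL` and `LARGE` sample keys are constructed from dummy packet bodies.

```python
import base64
from collections import Counter

UPLOAD_LIMIT = 65_000  # assumption: the article's "65k" read as 65,000 bytes
TAGS = {2: "signature", 6: "public key", 13: "user ID", 14: "subkey", 17: "user attribute"}

def dearmor(data: bytes) -> bytes:
    """Return the binary packets of an armored key; binary input passes through."""
    if not data.lstrip().startswith(b"-----BEGIN PGP"):
        return data
    lines = data.strip().splitlines()
    body = lines[lines.index(b"") + 1:-1]  # skip armor headers, drop the END line
    return base64.b64decode(b"".join(l for l in body if not l.startswith(b"=")))

def packets(blob: bytes):
    """Yield (tag, size including header) per packet (RFC 4880, section 4.2)."""
    i = 0
    while i < len(blob):
        start, hdr, o = i, blob[i], blob[i + 1]
        new = hdr & 0x40  # bit 6 set means a new-format header
        if not hdr & 0x80 or (new and 224 <= o < 255) or (not new and (hdr & 3) == 3):
            raise ValueError("invalid header, or partial/indeterminate length")
        if new:
            tag = hdr & 0x3F
            if o < 192:
                length, i = o, i + 2
            elif o < 224:
                length, i = ((o - 192) << 8) + blob[i + 2] + 192, i + 3
            else:  # o == 255: a four-octet length follows
                length, i = int.from_bytes(blob[i + 2:i + 6], "big"), i + 6
        else:  # old format: the length field is 1, 2 or 4 octets
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            length, i = int.from_bytes(blob[i + 1:i + 1 + n], "big"), i + 1 + n
        i += length
        yield tag, i - start

def report(key_file: bytes) -> dict:  # size as uploaded, plus bytes per packet type
    by_packet = Counter()
    for tag, size in packets(dearmor(key_file)):
        by_packet[TAGS.get(tag, f"tag {tag}")] += size
    return {"size": len(key_file), "fits": len(key_file) <= UPLOAD_LIMIT, "by_packet": dict(by_packet)}

def _pkt(tag: int, body: bytes) -> bytes:  # constructed sample packet with a dummy body
    return bytes([0xC0 | tag, 255]) + len(body).to_bytes(4, "big") + body

_ARMOR = b"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n%s-----END PGP PUBLIC KEY BLOCK-----\n"
_sig = _pkt(2, bytes(400))
_min = _pkt(6, bytes(300)) + _pkt(13, b"Alice <alice@example.org>") + _sig + _pkt(14, bytes(300)) + _sig
SMALL = _ARMOR % base64.encodebytes(_min)  # key, one user ID, subkey, two signatures
LARGE = _ARMOR % base64.encodebytes(_min + _pkt(17, bytes(40000)) + _sig * 31)  # plus photo, 31 signatures
```

For a real key, pass the contents of the exported .asc file to `report`. If user attribute packets dominate the result, note that GnuPG controls photo IDs through the separate export option `export-attributes`, while `export-minimal` strips signatures.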