How to set up Mailvelope

Differences between Enigmail, Guard and Mailvelope

All these options can be used to manage PGP key pairs. PGP keys enable communication via end-to-end encryption. This must be distinguished from transport encryption, which only secures the connection between one device or server involved in the transmission of the mail and the next. Anyone who has access to a device involved in the mail transmission can read the content when transport encryption is used.

With PGP encryption, this is not the case. Here, only the receiving person can view the content. Within PGP encryption, there are different application scenarios with varying levels of security.

If you use a secure device (PC or laptop), you will achieve the highest level of protection with the combination of a local mail client and a local PGP management program (such as Thunderbird and Enigmail), since you always retain control over your private PGP key.

With Mailvelope, the private PGP key is passed to the browser. The browser can be seen as an intermediary between the device and the Internet. The disadvantages associated with this are explained and weighed at the end of this article.

The Guard integrates the possibility of managing PGP keys into mailbox Office. In this case, the private key is also stored on our servers. Of course, it is safe there and additionally protected by a password, but this does not meet all security requirements.

This guide will focus on the use and setup of Mailvelope. In our Knowledge Base, however, you will find many other useful articles on the topic of PGP encryption and the mailbox Guard.

Mailvelope – an overview

Mailvelope is a browser add-on that you can use in Firefox, Chrome and Edge to securely encrypt your mails with PGP when using webmail providers. If you use mailbox Office with Mailvelope, the following advantages arise:

  • PGP encryption is integrated into the browser, with your private PGP key never stored on our servers. You can easily encrypt, decrypt and digitally sign mails with PGP.
  • You can manage PGP keys on your computer.
  • The use of a local GnuPG installation in combination with Mailvelope is possible and increases security.

Info: Browser add-on solutions – and therefore tools like Mailvelope – may cause unwanted effects when using Drive or mail attachments.

You will find Mailvelope in the respective web store of your standard browser – Google Chrome, Mozilla Firefox or Microsoft Edge. You must confirm the necessary access permissions there so that Mailvelope works correctly. In the next section we have provided the links for Google Chrome and Mozilla Firefox.

Download Mailvelope

To use Mailvelope, you must install the appropriate browser extension. Select the link for your browser:

Further information and the current overview can also be found on the official project page: mailvelope.com.

Preparation and activation of Mailvelope

The Guard and Mailvelope

As explained above, Mailvelope is the counterpart to the Guard. If you are currently using the Guard, additional steps for migration are required.

  1. Follow the steps below to set up Mailvelope if mailbox Guard was not previously configured and there is no existing PGP key pair.

You will find the menu item for activating Mailvelope under the following path:

Path: All settings | Mail encryption | PGP in the webmailer

To use Mailvelope with mailbox Office, proceed as follows:


Figure 1: Screenshot coming soon..

As shown in the screenshot, select Encryption for experts with Mailvelope and click activate now. Please note the further steps for setup with Mailvelope.


Figure 2: Screenshot coming soon..


Figure 3: Screenshot coming soon..


Figure 4: Screenshot coming soon..

After installing the add-on, go to All settings | Mailvelope.


Figure 5: Screenshot coming soon..

You should now see the Mailvelope interface in your Online Office. You will be asked to create a password for your PGP key pair. Enter a complex password here and store it in a secure location – for example in your KeePassXC password manager.

The Mailvelope add-on is now installed in the browser. You will then be redirected to this page.


Figure 6: Screenshot coming soon..

Log out of mailbox Office and then log in again. This updates the settings.


Figure 7: Screenshot coming soon..

Setup of Mailvelope with a previously unused mailbox without a PGP key pair

This section will be made available shortly.
Thank you for your patience!

Setup of Mailvelope with a previously unused mailbox and an existing PGP key pair

If you have already created a key pair elsewhere and have not yet configured the Guard, please proceed as follows.


Figure 8: Screenshot coming soon..

Click on the Mailvelope icon in the browser next to the address bar.

Path: Get started! | Keyring


Figure 9: Screenshot coming soon..

Please click on "Import Key".


Figure 10: Screenshot coming soon..

Now you have two options:

  • Import key as file: Use this function to select a (*.asc) file with keys from your hard drive and import it into Mailvelope.
  • Import key as text: First copy the key(s) (multiple keys are also possible) to the clipboard. When you click on "Insert keys from clipboard", the keys are extracted from the text and transferred to the local keyring. Make sure to include both -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK-----.

Note: You must import both your private and your public PGP key here. Confirm the import of the key.

Done – you can now use Mailvelope with your own PGP key pair!
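The import step above expects complete armor blocks and both halves of the key pair. The following Node.js check is an added example, not part of the original article or of Mailvelope's code: it inspects an exported key text before import. `inspectKeyExport` and `armor` are hypothetical helper names, and the sample bytes are constructed, not a real key.

```javascript
// CRC-24 of the OpenPGP ASCII armor checksum line (RFC 4880, section 6.1), as hex.
function crc24Hex(bytes) {
  let crc = 0xb704ce;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864cfb;
    }
  }
  return (crc & 0xffffff).toString(16).padStart(6, "0");
}

const BEGIN = /-----BEGIN PGP (PUBLIC|PRIVATE) KEY BLOCK-----/g;
const BLOCK = new RegExp(BEGIN.source + "\\r?\\n([\\s\\S]*?)\\r?\\n-----END PGP \\1 KEY BLOCK-----", "g");
const FIRST_TAG = { PUBLIC: 6, PRIVATE: 5 }; // Public-Key / Secret-Key packet

// Hypothetical helper: report what an exported key text contains before it is imported.
function inspectKeyExport(text) {
  const report = { PUBLIC: 0, PRIVATE: 0, problems: [] };
  const blocks = [...text.matchAll(BLOCK)];
  if ((text.match(BEGIN) || []).length !== blocks.length)
    report.problems.push("key block BEGIN line without its END line");
  for (const [, kind, inner] of blocks) {
    const lines = inner.split(/\r?\n/).map((l) => l.trim());
    // Armor headers such as "Comment:" end at the first blank line.
    const body = lines.slice(lines.indexOf("") + 1).filter(Boolean);
    const sum = body.length && body[body.length - 1].startsWith("=") ? body.pop() : null;
    const data = Buffer.from(body.join(""), "base64");
    if (sum && Buffer.from(sum.slice(1), "base64").toString("hex") !== crc24Hex(data))
      report.problems.push(`${kind}: checksum mismatch (text altered or truncated)`);
    // Bit 7 marks a packet header; new format keeps the tag in bits 5-0, old format in bits 5-2.
    const b = data.length ? data[0] : 0;
    const tag = !(b & 0x80) ? -1 : b & 0x40 ? b & 0x3f : (b >> 2) & 0x0f;
    if (tag !== FIRST_TAG[kind]) report.problems.push(`${kind}: first packet does not match the block label`);
    report[kind]++;
  }
  if (!report.PUBLIC || !report.PRIVATE) report.problems.push("public and private block are not both present");
  return report;
}

// Constructed sample bytes (not a real key): only the first packet header is meaningful.
function armor(kind, bytes) {
  return [`-----BEGIN PGP ${kind} KEY BLOCK-----`, "Comment: constructed sample", "",
    Buffer.from(bytes).toString("base64"), "=" + Buffer.from(crc24Hex(bytes), "hex").toString("base64"),
    `-----END PGP ${kind} KEY BLOCK-----`].join("\n");
}
const SAMPLE = armor("PUBLIC", [0x98, 0x03, 1, 2, 3]) + "\n" + armor("PRIVATE", [0x94, 0x03, 4, 5, 6]);
console.log(inspectKeyExport(SAMPLE));
```

An empty `problems` list means the text holds one complete public and one complete private key block; it says nothing about whether the key itself is valid or trustworthy.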

Setup of Mailvelope when the Guard has been used previously

This step is only relevant if you want to switch from the Guard to Mailvelope.

Export your PGP key pair and, if necessary, the public keys of your communication partners as described here:

Path: All settings | mailbox Guard | Your PGP keys
Path: All settings | mailbox Guard | PGP keys of recipients

Then continue as described above under The Guard and Mailvelope.

Now click on the lock icon in mailbox Office when composing a new mail.


Figure 11: Screenshot coming soon..

If you have set up Mailvelope without your own PGP key pair and without previous use of the Guard, you can already send with your PGP key pair.

If you have used one of the other methods and uploaded your own PGP key, you will be asked to set a password for the PGP keyring. The same also applies when setting up the mailbox Guard.

Do this by entering a password for the key for secure communication. This password is different from the password for the PGP key itself.

During configuration, a window will first appear confirming that encrypted communication is being set up.
Immediately afterwards, another window will appear with the message:

Congratulations, you have set up encryption.

From this moment on, you can send and receive encrypted mails with Mailvelope.

Security notes on using Mailvelope

When using the Mailvelope add-on, there are some important security aspects to note:

  • Your keys are stored on your computer in the local storage of the browser.
  • Since local storage is used to store keys, Mailvelope is not suitable for use on foreign or insecure computers (e.g. in Internet cafés or while traveling).
  • The HTML5 Security Cheat Sheet by OWASP recommends not storing security-relevant information in the browser's local storage, as this data could be compromised by XSS attacks.
  • The old add-on architecture in Firefox 2003 still carried security drawbacks for Mailvelope; this disadvantage has been eliminated with the introduction of Web Extensions in Firefox and since Mailvelope 2.0 (October 2017). Web Extensions also apply a Content Security Policy (CSP) by default, which blocks the execution of injected scripts and thus XSS attacks.
  • In Mailvelope, a local GnuPG installation can now also be used for key management. This further increases protection against such attacks and should be used.

Limitations due to JavaScript

JavaScript was not originally designed as a programming language for cryptographic applications. There are different approaches to assessing whether this is a disadvantage. Here are some arguments:

  • What is considered a serious bug in other crypto implementations must be accepted in Mailvelope as a limitation due to JavaScript – for example:
    • It is not possible in JavaScript to securely delete a private key from memory after use (“Overwriting memory – why?”).
    • Normal behavior in Mailvelope is classified as a security vulnerability in the Tor project.
  • Through side-channel attacks on the browser, it is possible to reconstruct the sequence of zeros and ones in the private key by observing code execution. However, the crypto implementation in Mailvelope (OpenPGP.js) runs mostly via the Web Crypto API of the browser, which reduces the risk of side-channel attacks.
  • On the other hand, JavaScript has the advantage of memory management. This prevents buffer overflows – which are often found in C/C++ implementations – from occurring in the first place.

Further notes

If you use Mailvelope to avoid storing your private key on mailbox servers, you may want to disable the Autocrypt function in the Mailvelope settings. This is not necessary when using mailbox, as we do not support this function via the client API.