How is the private key protected?

Note: This article answers a specific question that only applies if you have activated the mailbox Guard.

How are third parties, or even the administrators of mailbox, prevented from gaining access to your private key?

Protecting the key

When you upload a PGP key or generate one via Guard, this key is encrypted with a password known only to you. This password is never stored on our systems and must be entered by you separately whenever decryption is required (e.g., to read an encrypted mail or edit an encrypted file).

As long as you do not enter the Guard password, the key files remain encrypted on the server and are therefore inaccessible – even to us.

Secure use of your key

When you log in, your key is decrypted for exactly one action: it is re-encrypted with a random key newly generated for that login (the temporary password), and this copy is stored temporarily at mailbox. The temporary password is cached in your browser, and the temporarily encrypted PGP key is stored on our mailbox server.

Neither your respective passwords nor your PGP key are ever stored permanently in plaintext on the hard disk or in the program memory of our servers.

Each side has only “half knowledge” of the information required to access the PGP key – and thus your encrypted data. Even if a third party were to gain access to one of the two pieces of information, they would not be able to compromise your sensitive data.

As soon as you log out, the temporary encrypted copy of the key is deleted. Even if someone were to later extract the temporary password from your login session, it would already be useless after you have logged out.
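The split described above can be modeled in a few lines. This is an added example, not mailbox's code: the `Server` class, the session ids and the encrypt-then-MAC construction built from Python's standard library (standing in for a real AEAD such as AES-GCM) are assumptions, as is supplying the Guard password at the moment the session copy is created.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, see lead-in)
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _subkeys(key):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, plaintext):
    """Encrypt-then-MAC; a real system would use an AEAD such as AES-GCM."""
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified blob")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

class Server:
    """Hypothetical server side: stores ciphertext only, never a password."""
    def __init__(self, pgp_key, guard_password):
        self.salt = secrets.token_bytes(16)
        self.at_rest = seal(self._kdf(guard_password), pgp_key)
        self.sessions = {}                      # session id -> temporary copy

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def login(self, sid, guard_password):
        pgp_key = unseal(self._kdf(guard_password), self.at_rest)
        temp = secrets.token_bytes(32)          # fresh random secret per login
        self.sessions[sid] = seal(temp, pgp_key)
        return temp                             # handed to the browser, not kept

    def use_key(self, sid, temp):
        if sid not in self.sessions:
            raise ValueError("no session copy (logged out)")
        return unseal(temp, self.sessions[sid])

    def logout(self, sid):
        self.sessions.pop(sid, None)            # temporary copy is deleted
```

In this model, `use_key` fails after `logout` even with the correct temporary secret, and a secret issued for one session does not open the copy made for another.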

Attack scenarios

If an attacker were to intercept the temporary key during transmission to the user’s browser, they would have no way of accessing the real PGP key, which remains stored only on the server. An attacker’s login would start a new, independent session in which the stolen temporary password would be worthless.

An attacker who has (direct or remote) access to your device, and thus already has local control over your web browser, could, however, take over the current session of your mailbox login and thereby also obtain the temporary key. This key is only valid briefly, during your active login session, and therefore cannot be used permanently.

However, at this point the attacker would already have local access to your device and browser and therefore also to your mails and all data currently being processed there – regardless of whether these are encrypted or decrypted locally on your PC using a PGP installation or server-side by our Guard.

Thus, the real question concerns the security of each user’s device. Using the mailbox Guard does not create any additional security gaps or attack vectors beyond those already present due to hardware, the operating system, or third-party software.

On the contrary: one could even say that when using Guard, an attacker at least does not immediately gain access to the user’s PGP keys, since these are stored on the mailbox servers.