Skip to main content

Answers for private customers

The Knowledge Base for private customers is already largely up to date. A few individual articles are currently being revised and will be updated shortly. We thank you for your understanding and look forward to providing you with the latest information on using mailbox.

Please note: The Knowledge Base has changed slightly. Categories have been adjusted and any URLs stored in the old Knowledge Base are no longer valid.

PGP key management

Note: The mailbox Guard is designed to work with your main mail address. Use in combination with aliases is generally not intended.

Remark: To use the functions described in this article, you must have the mailbox Guard activated.

The mailbox Guard provides management for your own PGP keys and the public PGP keys of your communication partners. In your mailbox Office you can find this management under All settings | mailbox Guard | Guard PGP default settings.


Figure 1: Mailbox Guard default settings.

When you activate Guard, two key pairs are automatically generated for your main address. This makes mailbox Guard fully functional right away. If you are interested in details, you can find the automatically generated two key pairs in the key management:

  1. The main key (the upper key in the section Your key list) is used to sign mails. It can also be used to certify or sign other PGP keys (Web of Trust) – but this function is currently not implemented in mailbox Guard.
  2. The subkey is used to encrypt and decrypt mail communication and files in Drive.

In the key management, you can download the keys (or key pairs) generated on our server and – if available – import them into your local PGP installation or your local mail client. This way, you can access encrypted mails both in the web client and in your local mail client.


Figure 2: Overview of the key list.

Using your own keys

You can also replace the automatically generated keys with your own existing key pair. This key pair must contain at least your active mailbox mail address as a UID. You can decide whether you only want to upload a public key (to make it available to other Guard users) or also store the private key on our server, which is required to read encrypted content in the web client.

Note: Reading encrypted mails in the web client and opening encrypted files in Drive is only possible if the corresponding valid private key is available on the server.

Public keys of communication partners

In the key management, you can also manage the keyring with the public keys of your communication partners. You can find the list under All settings | mailbox Guard | Your recipient keys.


Figure 3: Overview of recipient keys.

Uploading keys – maximum file size

Note: You can upload public keys with a maximum size of 65k. This is sufficient for most keys. If the key contains photos or many signatures and is larger than 65k, error messages may occur during upload.

To reduce the size of a large key, you can import it into your local GnuPG key management and then export it for upload using the option --export-options export-minimal:

gpg2 --armor --export-options export-minimal --export <your-key-ID> > key4upload.asc