
PGP key management

Note

This article has been updated for beta users. You can find the new version for beta users below.

Note: to use the features described in this article, you must have the mailbox.org Guard enabled.

Note: The mailbox.org Guard is designed to work with your main email address. It is not intended to be used in combination with aliases.

The mailbox.org Guard provides a management interface for your own PGP keys and for the public PGP keys of your communication partners. You can find it in your mailbox.org office under "Settings | mailbox.org Guard Security".

Once mailbox.org Guard is enabled, two pairs of keys will be created. The software then uses these keys automatically, so users do not normally need to concern themselves with them.

  1. The master key (first key pair) will be used to sign emails. It can be used for certification of other keys too (web of trust), but this feature is not implemented in mailbox.org Guard.
  2. The secondary key will be used for encryption and decryption of emails and of files in Drive.

The PGP keys which have been generated on our server can be downloaded from the key management section. This is useful if you have a local PGP installation on your PC or mobile phone, and would like to set up a mail client on these devices that uses the same keys. This will enable parallel access to your encrypted e-mail both via Webmail and by your local e-mail programs.

Please note: The mailbox.org Guard has been designed to work with your account's main e-mail address. Using it in combination with e-mail aliases is not supported.

Import your own, existing PGP keys

You may replace the automatically created PGP keys on our server with your own. Note that any custom keys need to state your primary mailbox.org e-mail address as UID. Users with critical security requirements should consider not uploading their private PGP key to our server but only the public key.

Please note: You must have a valid private key in place on the server in order to be able to read encrypted e-mails in the browser or open encrypted files on the Drive.

Public keys of communication partners

You may also add the public keys you received from your communication partners here. Click on the "+" symbol in the public keys section to upload a public key.

Additionally, you may manage the public keys of your communication partners in the address book. Open the address book entry and click on the "+" symbol in the public keys list to upload a public key.

Supported maximum size of key files

Note: The file size of any public PGP keys uploaded to mailbox.org must not exceed 65 kilobytes, which is sufficient for most keys. However, if a key contains image data or very many signatures, the file may be larger, and this will likely cause upload problems.
To reduce the file size of an over-sized key, open the file locally with the GnuPG key management tool and export a leaner version as follows:

> gpg --armor --export-options export-minimal --export <yourKeyID> > yourFileName.asc

If you don't have GnuPG available locally to export the key like this, please ask your communication partner to provide a smaller key file.
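
A pre-upload check for two requirements stated above (a custom key must carry your main address as UID, and a key file must stay under 65 kilobytes), given as an added example that is not mailbox.org's code. It walks the OpenPGP packets of an armored key file and reports how many bytes come from signatures and from image (user attribute) packets. The function names, the sample address and the reading of the limit as 65,000 bytes are assumptions, and the sample key is constructed with dummy packet bodies.

```python
import base64
MAX_UPLOAD_BYTES = 65 * 1000   # assumption: "65 kilobytes" read as 65,000 bytes
TAGS = {2: "signature", 6: "public key", 13: "user ID", 17: "user attribute (image)"}

def dearmor(text):   # base64 body sits between the blank line and the CRC/END lines
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packets(data):   # yields (tag, body); framing per RFC 4880 section 4.2
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if hdr & 0xC0 == 0xC0:                 # new format: tag in low 6 bits
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                n = first
            elif first < 224:
                n, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not supported")
        elif hdr & 0x80 and hdr & 3 != 3:      # old format: length type in low 2 bits
            tag, width = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            n, i = int.from_bytes(data[i:i + width], "big"), i + width
        else:
            raise ValueError("not a packet header, or indeterminate length")
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]
        i += n

def preupload_check(armored, main_address):   # size, UID match, bytes per packet type
    sizes, uids, addr = {}, [], main_address.lower()
    for tag, body in packets(dearmor(armored)):
        name = TAGS.get(tag, f"tag {tag}")
        sizes[name] = sizes.get(name, 0) + len(body)
        if tag == 13:
            uids.append(body.decode("utf-8", "replace").lower())
    size = len(armored.encode())
    return {"file_bytes": size, "fits_limit": size <= MAX_UPLOAD_BYTES, "bytes_by_type": sizes,
            "uid_matches": any(u == addr or f"<{addr}>" in u for u in uids)}

def sample_key(uid, n_sigs, img):   # constructed sample: real framing, dummy bodies
    pkt = lambda t, b: bytes([0xC0 | t, 0xFF]) + len(b).to_bytes(4, "big") + b
    raw = pkt(6, bytes(51)) + pkt(13, uid.encode()) + pkt(2, bytes(300)) * n_sigs + pkt(17, bytes(img))
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + base64.encodebytes(raw).decode()
            + "-----END PGP PUBLIC KEY BLOCK-----")
```

If `bytes_by_type` is dominated by signatures, the `export-minimal` export shown above is the relevant fix, since it drops all signatures except the most recent self-signature on each user ID.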

Updated Beta Article

The following sections of this article have been adapted to reflect the current Beta version. Please note that the structure and naming of individual menus or functions may differ from the previous version.

The mailbox.org Guard section has been especially redesigned to make working with PGP keys easier and more transparent. Guard enables secure end-to-end encryption of your emails using personal key pairs (public/private). In the beta version, you can easily generate new keys or upload existing ones.

Accessing mailbox.org Guard

  1. Log in to your mailbox.org account.
  2. Click the gear icon in the top right to open the All Settings area.
  3. Navigate to mailbox.org Guard.

Figure 1: The mailbox.org security settings.

Figure 2: Add a key to Guard.

Uploading an existing private key

If you already use your own key pair (e.g., from another email client), you can also add the private key to Guard. This is necessary to decrypt encrypted messages in the web interface.

Figure 3: Upload a private key.

Steps:

  1. Go to All Settings | mailbox.org Guard.
  2. Click on Upload private key.
  3. Upload your private key file (e.g., .asc).
  4. Enter the passphrase for the private key to decrypt and connect it to your account.
  5. The key will be encrypted locally and stored securely in the Guard system.

Uploading a public key (optional)

You can also upload your public PGP key separately, for example if it was created using an external tool.

Steps:

  1. Go to Settings | mailbox.org Guard.
  2. Select Upload key | Upload public key.
  3. Choose the appropriate file and upload it.
  4. The key will now be used in your account to encrypt messages sent to you.

Function | Description
Download my public keys | Downloads the currently stored public PGP key.
Generate new key | Creates a new key pair (private + public) directly in mailbox.org.
Upload private key | Allows you to upload an existing private PGP key.
Upload public key | Allows you to upload an existing public PGP key.

Note: Under the menu item “Your key list” you can view the keys already associated with your account.

Changes in the mailbox.org Suite after the update

  • The user interface in the new mailbox.org Suite has been modernized and visually redesigned.
  • The process of managing your PGP keys remains technically identical.
  • There are minimal changes in navigation paths related to PGP encryption.

Path: Settings | mailbox.org Guard | Your keys