In order to enable Guard for your account, visit the Note: The mailbox.org Settings page and find the option Guard Security Settings. There, click on the Start Button. In the first step, you need to decide whether to use the mailbox.org Guard or the Mailvelope web browser add-on as a security solution.
Generally, we recommend using the mailbox.org Guard. If you wish to use Mailvelope instead, make sure to edit the Mailvelope configuration settings and add mailbox.org to the list of available e-mail providers. Also, you need to enable the Mailvelope-API for *.office.mailbox.org to be able to recognize and use the add-on.
Important: Once you decide to use Mailvelope as a security solution for your account, it will be permanently enabled and cannot be switched off! Only when you use mailbox.org Guard will our support be able to deactivate it later, if required.
If you went ahead by clicking on mailbox.org Guard, a pop-window will appear, asking you to enter a password that controls access to your private encryption key. Please pick a strong yet memorable password and confirm.
Please keep in mind that mailbox.org will NOT store a plain-text copy of your encryption key or your password on their systems!
If you happen to forget this password or delete the key from our system without having a backup copy, your previously encrypted e-mails and files will be lost. There is no feasible way to decode them anymore.
In such case, mailbox.org will be unable to help you. Restoring your encrypted e-mails and files is technically impossible for us to do. This is not a deficiency but an important feature of the mailbox.org Guard, because if it was possible for us to decode your data somehow then the entire encryption system would be useless after all.
After you have activated the Guard, our system will automatically generate the required pair of PGP keys. You need two of those because one of them is public – to be used by anyone wanting to write an e-mail to you to encrypt their message. The second key is kept secret and used by you to decrypt these messages whenever you wish to read them. Access to the private key is secured via the password that you entered upon activation. You may choose a password that is different from your account password. If you want to learn more about how PGP works, have a look at our Doodle Video on the matter.
If you would like to manage your keys, open the PGP key management There, you will see a list with two different key sets:
First, an entry for a pair of secondary keys, used to perform the actual encryption of your messages and files (similar to how a local PGP installation would work).
The other entry is for your pair of master keys whose sole purpose is to secure access to the secondary key pair.
You can download copies of any of these keys from the Guard PGP Setting page. For instance, you might want copies of the secondary keys to import into your local PGP installation (Do this only if you are new to PGP and don’t have any other, previously created PGP keys!). By importing these keys, you can access your encrypted e-mails both via web mail and through your local mail client.
Using your own PGP keys
If you already have a set of PGP keys, you can use them with Guard. You should upload your public encryption key in order for other Guard users to be able to find it easily. Additionally, you can choose to also upload your private key to be securely stored on the server – this is required to enable the reading of encrypted e-mail using the mailbox.org web interface (i.e., in the browser).
If you want to use your own PGP key with Guard, then this key must use your main mailbox.org e-mail address as a UID.
Guard is designed to work with your main email address. It is not intended to be used in combination with aliases.
When you activate the Guard, a PGP key pair is automatically generated for you. A key pair consists of a public key (for encryption) and a private key (for decryption). Access to your private key is secured with the entered password, which does not have to be the same as the login password. Thus mailbox.org-Guard is already fully functional.
In the key management (under "Settings -> mailbox.org Guard security -> Advanced settings") you can download the keys (pairs) generated on our server and - if available - import them into your local PGP installation or your local mail client. This allows you to access the encrypted e-mails in the web client as well as in the mail client.
If you have your Guard deactivated by support in the future (e.g. if you have forgotten the Guard password), the PGP keys stored in the Guard will also be deleted when you deactivate it. To still be able to access your encrypted e-mails and data in this case, it is necessary that you store a backup of the key pair in a secure location (e.g. locally, in an encrypted container).
Note: if you reset the mailbox.org-Guard, it will not deactivate your existing inbox encryption.
In this case, make sure that you are still in possession of the corresponding private key!
To activate the Guard, open the mailbox.org office and click on your initials in the upper right corner. Select "Settings" in the following menu. Now select "Security" - mailbox.org Guard and click on "Start":
Now set your guard password:
Attention: the password set here is NOT your login password. It cannot be reset in case of loss! It therefore makes sense to secure the generated keys afterwards.
If everything worked as expected, you should see the following window:
Now you have several options:
1: All e-mails you send are encrypted by default. If no key is available for the recipient, a guest mailbox is created for this recipient and a corresponding e-mail is sent.
2: All e-mails sent are signed with your personal key. The recipient can check the signature for authenticity.
3: PGP Inline is the "old" way of encrypting e-mails using PGP. More modern is PGP-Mime. Only check this box if recipients have problems with decryption.
4: Here you can set how often the Guard password should be queried.
5: Here you can change the password for the Guard. You need the previous password.
6: Here you have the possibility to download your keys. Secure your private key and keep it in a safe place. If you forget your Guard password, we only can delete your Guard completely. If you do not have a copy of your private key, you can no longer decrypt messages that have already been encrypted then. This also applies to encrypted data in the drive. To download the private key, click on "Your keys" and then on the download icon.
Attention: we do not have a plain text copy of your key and password!
If you forget the key password you have chosen or completely delete the key you have used and do not keep a backup copy, all encrypted e-mails or files will be irretrievably lost!
We can't help you in this case either! A password reset for the key or a recovery of encrypted e-mails or files is unfortunately not possible.
Usage of own PGP keys
If you already use a PGP key pair for your mailbox.org address, you can upload this key pair in the key management and use it to replace the keys generated by the Guard during initialization. You can also decide whether to upload only the public key to make it available to other Guard users, or also upload your private key. To be able to read your encrypted e-mails in the Web client, your private key must have been uploaded by the Guard.
Attention: if you want to use your own PGP key in the Guard, this key must contain your main mail address at mailbox.org as user ID. You can find more information about uploading your own keys in our FAQ.
|Content by Label|