You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

You may replace the automatically created PGP keys on our server with your own. Note that any custom keys need to state your primary mailbox.org e-mail address as UID.

First, open the Guard PGP key management and upload your new key to the server. In order to upload a new key, click on the “+” symbol in your key list. The following dialog appears.

upload your own key

Once the upload is finished, you can delete the (old) default keys that were previously generated by Guard.

Users with critical security requirements should consider not uploading their private PGP key to our server but only the public key. It is possible to just provide the public part of the key such that other Guard users can encrypt any messages they wish to send to you. However, without the private key it won’t be possible to read Open-PGP-encrypted e-mail via Webmail in the browser. Of course, you can still access these e-mails with any mail client that has the necessary local PGP configuration in place.

If you upload a private PGP key, or a pair of private and public keys, you will be asked to enter two passwords:

  1. The existing pass phrase that you chose to secure your private key on the local computer. This will be required to decrypt the key for upload. 
  2. A new password – Important: Please do make sure your entry here is identical to your existing Guard password. This is required to control access to the private key stored in mailbox.org Guard.
    If you fail to enter a password that is identical to your existing Guard password, then you will lose access to any previously created keys – which means you won't be able to delete them.

enter passwords for your private keys

Once uploaded, the new keys will be flagged „current“ and the previously used keys become inactive. You can now delete the inactive keys by clicking on the related trash bin symbol. Note that you will be asked to enter the Guard password when trying to delete a private key. 

Beware: Only delete old keys if you are absolutely certain that you will not need them anymore. If there are still e-mails or files stored in your account that were previously encrypted with the old key, you will no longer be able to decrypt and read these after you've deleted that key.

Note: Because of a bug it is not possible to directly upload the public keys generated by OpenPGP smartcards (z.B. Nitrokey, Yubikey NEO) to mailbox.org Guard. A workaround is available – please see the FAQ article on How to use GnuPG smartcards with Guard.