- PGP (Pretty Good Privacy) is a system for encrypting electronic messages that is based on the interaction of a pair of keys: a private key and a public key.
- A PGP private key, or "secret key", is a special file created on the user's device. The secret key is itself encrypted with a password that is set at the time of creation. If the secret key is stored locally (imported), it must be kept in a secure location. If you lose the key or its password, you will not be able to recover the key or read the emails that were encrypted for it.
- A PGP public key, or simply "public key", is a specially generated block of text, stored as a file, that is paired with your secret key. Your recipients use your public key to verify your digital signature and to send you encrypted messages; such messages can be read only by the recipient who holds the corresponding secret key.
- Signature: this does not mean the signature block at the end of an email that holds contact information, but a cryptographic confirmation that the message belongs to the private key with which the signature was created. The signature is used to confirm that the message was sent by the sender whose public key was previously provided to the recipient.
Basic principles for sending encrypted messages
- Public PGP keys must first be exchanged so that communication between the sender and the recipient can take place using encryption algorithms. This means that the sender must send his "public PGP key" to the recipient before the exchange of emails begins, and the recipient must transfer (import) this key into his email program. This is a prerequisite for all subsequent messages to be encrypted on the sender's side and successfully decrypted on the recipient's side.
- When composing an email, the sender can specify whether it should be encrypted. If encryption is selected, the email is encrypted at the moment of sending, provided that the sender's email program holds the recipient's public key. On the recipient's side, the public key used for encryption is matched against the private key stored in the recipient's system; if the two form a pair, the message is decrypted. Not even the sender can read the encrypted email, only the owner of the paired private key.
- The same applies to the sender's signature, except that a signature can be added to an email without encrypting it.
- When you receive a message that was encrypted with your public key, you must enter the password of your PGP secret key to read it. You must also enter the secret key password when signing a message.
- If the password of a PGP private key is lost, it cannot be recovered. This means that you must remember the key password and take care of storing the key yourself.
- With Swisscows.email you can work with your mailbox not only through the web interface, but also in other email programs such as Outlook, Thunderbird, TheBat, etc. that use the standard IMAP/SMTP protocols.
The OpenPGP standard used ensures full compatibility of Swisscows.email with these programs. If a third-party email program is used, PGP key maintenance is performed in that program. Both Swisscows.email and the email programs mentioned have import/export functions for PGP keys.
How PGP encryption is used in Swisscows.email
Creation / editing of the own PGP key
1.1. After launching Swisscows.email for the first time, go to Settings and select "PGP Keys":
1.2. The key management window opens on the right-hand side of the screen:
Use the "Create" button to create a new key pair.
The "Import" function allows you to import existing PGP keys previously created for other programs into the mailer.
The "Export" function saves the selected keys to a location specified by the user.
The generated keys are stored on the Swisscows.email server in encrypted form. They cannot be accessed without the user's password.
1.3. Click the "Create" button to generate a new key pair. A dialog box for setting the key password is then displayed:
When creating a key, you can select the encryption type. If you are not sure which type you need, leave the default value (RSA - 2048 bits).
Enter the key password and repeat it.
- Remember the password well: if you lose it, you will not be able to use this key again.
- It is not recommended to use the same password for the email login and the PGP key.
1.4. To add existing keys to Swisscows.email, click the "Import" button and specify where they are stored:
1.5. To save a public and/or private key to a specific location, click the "Export" button and specify which key is to be saved where:
PGP public key exchange
Once PGP key pairs have been created, they are displayed in the key list on the corresponding tab. There is no limit to the number of keys a user can create.
However, it should be noted that the recipient of an encrypted message can only read it if the public part of the corresponding PGP key was previously entered into the sender's email program.
To do this, the two parties exchange public keys: the sender of the letter provides the recipient with his public key, and the recipient does the same in return.
To send your public key to a recipient in Swisscows.email, simply enable the "Attach my public key" option and send them an email:
After receiving this email, the recipient can import the key into his email program:
Once the sender's public key has been added, all subsequent emails carrying the sender's signature are verified automatically and marked with the green "trusted" sign.
Most importantly, encrypted emails can be sent to this recipient only after such a key has been added (the email program automatically finds the required key by the recipient's email address).
If an unauthorized person retrieves the encrypted email, or even if you yourself do not remember the password and have not activated the private key, the email looks like this:
Creating an encrypted message
Encrypting a message to be sent in Swisscows.email is quick and easy!
To do this, click "Compose" (create a new message) and click "Encrypt this message" in the right pane:
When you send this message, it is encrypted and travels through all channels in this encrypted form.
Please note: this method of message encryption was developed specifically for the secure transport of emails, so that no unauthorized access can occur at the most sensitive point - when the email is sent. Once the email reaches the recipient and has been decrypted with the recipient's private key, it is fully readable (but still stored in encrypted form).
Creating a message signature
The "message signature" is a means of confirming the authorship of the sender of a message.
If the sender and the recipient have exchanged their public keys in advance and the sender has signed the email with his digital signature, the recipient sees the following notice, which shows whether the signature matches the previously received key:
To add a signature to a message, simply activate the corresponding element when creating the message:
This way, when you create an email in Swisscows.email, you can digitally sign and/or encrypt your message at the same time.
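The principles described on this page (a key pair protected by a password, exchange of public keys, encryption that only the holder of the paired private key can undo, and a signature that the recipient checks against a previously received key) can be reproduced outside the mailer with GnuPG, which implements the same OpenPGP standard that Swisscows.email and the desktop programs mentioned above share. The script below is an added example and not Swisscows.email's own code. The names Alice and Bob, the addresses alice@example.com and bob@example.com, the passphrases and the message texts are constructed; it assumes a POSIX shell with gpg (GnuPG 2.1 or later, including gpg-agent) installed. Each party gets its own isolated keyring directory, standing in for two separate mail programs.

```shell
#!/bin/sh
# Added example: the Swisscows.email PGP workflow replayed with GnuPG.
# Alice and Bob each have an isolated GNUPGHOME, i.e. two separate "mail programs".
set -e

# gpg wrapper: isolated keyring, no interactive pinentry, passphrase from the
# argument. --trust-model always accepts an imported key as-is (the decision a
# mailer asks you to confirm when you import a key attached to an email).
pgp() {
    _home=$1; _pass=$2; shift 2
    GNUPGHOME="$_home" gpg --batch --quiet --yes --pinentry-mode loopback \
        --passphrase "$_pass" --trust-model always "$@"
}

# create_keypair <home> <name> <email> <passphrase>  ("Settings > PGP Keys > Create")
create_keypair() {
    mkdir -p "$1" && chmod 700 "$1"
    # Agent settings: take the passphrase from gpg (loopback) and never cache it,
    # so every use of the private key below really does require the password.
    printf 'allow-loopback-pinentry\ndefault-cache-ttl 0\nmax-cache-ttl 0\n' > "$1/gpg-agent.conf"
    pgp "$1" "$4" --gen-key <<EOF
Key-Type: RSA
Key-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
Passphrase: $4
%commit
EOF
}

run_demo() {
    WORK=$(mktemp -d)
    ALICE="$WORK/alice"; BOB="$WORK/bob"
    ALICE_PASS='alice-key-password-7x'; BOB_PASS='bob-key-password-9q'   # constructed

    # 1. Each party creates their own key pair (RSA 2048, the page's default).
    create_keypair "$ALICE" Alice alice@example.com "$ALICE_PASS"
    create_keypair "$BOB"   Bob   bob@example.com   "$BOB_PASS"

    # 2. Key exchange: Alice exports her public key ("Attach my public key");
    #    Bob imports the .asc file into his keyring ("Import").
    pgp "$ALICE" "$ALICE_PASS" --armor --export alice@example.com > "$WORK/alice.pub.asc"
    pgp "$BOB" "$BOB_PASS" --import "$WORK/alice.pub.asc"

    # 3. Bob encrypts a message to Alice ("Encrypt this message"). Only her
    #    public key is needed; his own password plays no role here.
    printf 'Meeting moved to 10:00\n' > "$WORK/msg.txt"
    pgp "$BOB" "$BOB_PASS" --armor --encrypt --recipient alice@example.com \
        --output "$WORK/msg.asc" "$WORK/msg.txt"

    # 4. Not even the sender can read it: Bob holds no matching private key.
    SENDER_CAN_READ=no
    if pgp "$BOB" "$BOB_PASS" --decrypt "$WORK/msg.asc" >/dev/null 2>&1; then SENDER_CAN_READ=yes; fi

    # 5. A lost or wrong key password means no decryption, and no recovery.
    WRONG_PASS_WORKS=no
    if pgp "$ALICE" 'not-her-password' --decrypt "$WORK/msg.asc" >/dev/null 2>&1; then WRONG_PASS_WORKS=yes; fi

    # 6. With the correct password the recipient reads the message.
    DECRYPTED=$(pgp "$ALICE" "$ALICE_PASS" --decrypt "$WORK/msg.asc" 2>/dev/null)

    # 7. Alice signs a reply ("Sign this message"); Bob verifies it against the
    #    public key he imported in step 2 (the green "trusted" mark).
    printf 'Confirmed, see you at 10:00\n' > "$WORK/reply.txt"
    pgp "$ALICE" "$ALICE_PASS" --armor --clearsign --local-user alice@example.com \
        --output "$WORK/reply.asc" "$WORK/reply.txt"
    SIGNATURE_OK=no
    if pgp "$BOB" "$BOB_PASS" --verify "$WORK/reply.asc" >/dev/null 2>&1; then SIGNATURE_OK=yes; fi

    # 8. One altered character in transit and the signature no longer matches.
    sed 's/10:00/11:00/' "$WORK/reply.asc" > "$WORK/tampered.asc"
    TAMPERED_OK=no
    if pgp "$BOB" "$BOB_PASS" --verify "$WORK/tampered.asc" >/dev/null 2>&1; then TAMPERED_OK=yes; fi

    # Stop the per-keyring agents and remove the temporary keyrings.
    GNUPGHOME="$ALICE" gpgconf --kill gpg-agent || true
    GNUPGHOME="$BOB" gpgconf --kill gpg-agent || true
    rm -rf "$WORK"
}

run_demo
printf 'decrypted by recipient:         %s\n' "$DECRYPTED"
printf 'sender can read own ciphertext: %s\n' "$SENDER_CAN_READ"
printf 'wrong key password accepted:    %s\n' "$WRONG_PASS_WORKS"
printf 'signature verified:             %s\n' "$SIGNATURE_OK"
printf 'tampered message verified:      %s\n' "$TAMPERED_OK"
```

Run it as `sh demo.sh`; it prints the five outcomes. The `alice.pub.asc` file produced in step 2 is the same armored text block that a mailer attaches when "Attach my public key" is enabled, and it is what Thunderbird, Outlook or TheBat would import. Setting `default-cache-ttl 0` keeps gpg-agent from remembering the password between steps, so the wrong-password step genuinely fails instead of being served from the cache, which mirrors the rule on this page that a lost key password cannot be worked around.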
You can change the default encryption options through your email client settings. For example, you can specify that all newly created emails are automatically encrypted and/or digitally signed without having to manually enable these options.
To do this, go to Settings - Preferences - Encryption and enable the appropriate options:
- Enable message encryption and signing: enable/disable digital signing and encryption
- Enable message signature verification: enable/disable verification of digital signatures in messages
- Enable message decryption: enable the ability to decrypt incoming messages
- Sign all messages by default: automatic signing of all messages
- Encrypt all messages by default: automatic encryption of all messages
- Attach my public PGP key by default: automatically attach your PGP public key to created messages
After making changes to this list of options, you must click the "Save" button for the changes to take effect.