Aurora documentation

Using OpenPGP

As of version 7.4, the product offers OpenPGP support. You can sign and encrypt outgoing mail, as well as verify and decrypt messages you receive.

OpenPGP support is implemented with the OpenPGP.js library. It works with current versions of Firefox, Chrome and Safari; Internet Explorer is not supported.

This page assumes that OpenPGP functionality is enabled in the product configuration; if it is not, the administrator should activate it first.

By default, OpenPGP support is disabled for all users, and each user who wants to use OpenPGP has to enable it for their own account. That is done on the OpenPGP screen of the user account settings.

The first thing to do is to set up your public and private keys. If you don't have them yet, you can generate them directly in the webmail interface: press the Generate button, select the email address you want to use, specify a password for the key pair (optional) and select the key length. Generating keys may take a while; once that's done, the keys are stored in your webmail account.

If you already have keys, you can import them into the webmail application; this is done separately for the public key and the private key. If necessary, you can supply keys for multiple email addresses linked to the same webmail account.

IMPORTANT: Private and public keys are never transmitted to the server where the webmail application runs; keys are handled in your browser only. So if you access your account from multiple locations, you'll need to add the same keys in each of them.

The next step is to send your public keys to the parties you want to exchange email securely with. That can be done in multiple ways, for example by making them available on your website. You can also send them via the webmail interface: in the OpenPGP settings screen, click View and then the Send button. When someone sends you a key file with the .asc extension, you'll be able to import it. Just like your own keys, imported keys are stored in the browser, not on the webmail server.
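A pre-flight check for the .asc files exchanged in this step, as an added example (not Aurora's or OpenPGP.js's own code): it reads the armor label, verifies the optional CRC-24 line and looks at the first packet tag, so a block that carries secret-key material or was damaged in transit is flagged before it is sent or imported. The function names are hypothetical, the samples are constructed, and the code assumes Node.js for `Buffer`.

```javascript
// Added example: inspect an ASCII-armored (.asc) key block before sharing or importing it.
// Armor layout, CRC-24 constants and packet tags follow RFC 4880. Assumes Node.js (Buffer).
function crc24(bytes) {
  let crc = 0xB704CE;                        // CRC-24 initial value
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= 0x1864CFB; // CRC-24 generator polynomial
    }
  }
  return crc & 0xFFFFFF;
}

function inspectArmoredKey(text) {
  const lines = text.replace(/\r/g, '').trim().split('\n').map(l => l.trim());
  const m = /^-----BEGIN PGP (PUBLIC|PRIVATE) KEY BLOCK-----$/.exec(lines[0]);
  const blank = lines.indexOf('');           // armor headers end at the first blank line
  if (!m || blank < 0 || lines[lines.length - 1] !== `-----END PGP ${m[1]} KEY BLOCK-----`)
    return { ok: false };
  const body = lines.slice(blank + 1, -1);
  const crcLine = body.length && body[body.length - 1].startsWith('=') ? body.pop() : null;
  const data = Buffer.from(body.join(''), 'base64');
  if (data.length === 0 || !(data[0] & 0x80)) return { ok: false };
  // First packet tag: new-format headers keep it in bits 0-5, old-format in bits 2-5.
  const tag = data[0] & 0x40 ? data[0] & 0x3F : (data[0] >> 2) & 0x0F;
  const packet = tag === 6 ? 'public' : tag === 5 ? 'secret' : 'other';
  let crc = 'absent';                        // the checksum line is optional
  if (crcLine) {
    const c = Buffer.from(crcLine.slice(1), 'base64');
    crc = c.length === 3 && ((c[0] << 16) | (c[1] << 8) | c[2]) === crc24(data) ? 'ok' : 'bad';
  }
  const shareable = m[1] === 'PUBLIC' && packet === 'public' && crc !== 'bad';
  return { ok: true, armorType: m[1], packet, crc, shareable };
}

// Helper used only to build the constructed samples below.
function armor(type, bytes) {
  const c = crc24(bytes);
  const sum = Buffer.from([c >> 16, (c >> 8) & 0xFF, c & 0xFF]).toString('base64');
  return `-----BEGIN PGP ${type} KEY BLOCK-----\n\n${Buffer.from(bytes).toString('base64')}\n=${sum}\n-----END PGP ${type} KEY BLOCK-----\n`;
}

// Constructed samples: packet headers only, not real key material.
const publicSample = armor('PUBLIC', [0x99, 0x00, 0x01, 0x04]);
const mislabelled = armor('PUBLIC', [0x95, 0x00, 0x01, 0x04]); // secret-key packet under a PUBLIC label
console.log(inspectArmoredKey(publicSample), inspectArmoredKey(mislabelled));
```

Only a block reported as `shareable` should leave your machine; the check does not validate the key itself, which still happens when the key is imported.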

In message compose mode, you can press the OpenPGP button, which opens a dialog for processing outgoing mail. To sign mail, you need your own private key; to encrypt, the public keys of all the recipients are required.

When you receive a signed or encrypted message, you'll get an option to verify or decrypt that message. For decrypting messages, you only need your private key; for verification, the sender's public key is required.

Note that OpenPGP support has its limitations: only plaintext messages can be processed; attachments and HTML bodies cannot. Once you invoke the OpenPGP tool on the message compose screen, you'll get a prompt to remove message formatting before proceeding with signing or encrypting.