WebMail Lite offers OpenPGP support. You can sign and encrypt outgoing mail, as well as verify and decrypt messages you receive.
OpenPGP support is implemented with the OpenPGP.js library. It works with current versions of Firefox, Chrome, Safari and Edge; Internet Explorer is not supported.
This functionality is enabled in the product configuration by default; however, the administrator can disable OpenPGP support.
By default, OpenPGP support is disabled for all users, and each user who wants to use OpenPGP should enable it for their own account. That's done in the OpenPGP screen of user account settings.
The first thing to do is to set up your public and private keys. If you don't have them yet, you can generate them directly in the interface: press the Generate button, select the email address you want to use, specify a password for the key pair and select the key length. Generating keys may take a while; once that's done, the keys are stored in your WebMail Lite account.
If you already have keys, you can import them into the application; that is done separately for the public and the private key. You can have keys supplied for multiple email addresses linked to the same WebMail Lite account if necessary.
IMPORTANT: Private keys are never transmitted to the server where the application runs; keys are handled in your browser only. So if you access your account from multiple locations, you'll need to add the same keys in each of them. Make sure your private keys are stored in a secure location: lost keys, and access to encrypted content, cannot be restored otherwise.
The next step is to send your public keys to the parties you want to exchange emails securely with. That can be done in multiple ways, for example by making them available on your website. Of course, you can send them via the interface, too: in the OpenPGP settings screen, click View and then the Send button. When someone sends you a key file with the .asc extension, you'll be able to import it, and just like your own keys, imported keys are stored in the browser, not on the server.
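A check you might run on an .asc file before publishing it or sending it to a correspondent, as an added example that is not part of WebMail Lite or OpenPGP.js: it confirms that every armored block in the file is a public key block (armor label and first packet tag) and that the armor checksum, when present, matches. The function names and the constructed sample builder are assumptions for illustration; it runs under Node.js.

```javascript
// Added example, not WebMail Lite or OpenPGP.js code. Runs under Node.js.
// CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1).
function crc24(bytes) {
  let crc = 0xb704ce;
  for (const b of bytes) {
    crc ^= b << 16;
    for (let i = 0; i < 8; i++) {
      crc = (crc << 1) ^ (crc & 0x800000 ? 0x1864cfb : 0);
    }
  }
  return crc & 0xffffff;
}

// Tag of the first packet: 6 = public key, 5 = secret key (RFC 4880, 4.2).
function firstPacketTag(bytes) {
  const b = bytes[0];
  if (b === undefined || !(b & 0x80)) return null;
  return (b & 0x40) ? (b & 0x3f) : ((b >> 2) & 0x0f);
}

// Returns one record per armored block found in the text of an .asc file.
function inspectArmor(text) {
  const re = /-----BEGIN PGP ([A-Z ]+)-----\r?\n([\s\S]*?)-----END PGP \1-----/g;
  return [...text.matchAll(re)].map(([, label, inner]) => {
    const lines = inner.split(/\r?\n/).map((l) => l.trim());
    // Armor headers (Version:, Comment:) end at the first blank line.
    const body = lines.slice(lines.indexOf("") + 1).filter((l) => l !== "");
    const last = body[body.length - 1] || "";
    const sum = /^=[A-Za-z0-9+/]{4}$/.test(last) ? body.pop().slice(1) : null;
    const data = Buffer.from(body.join(""), "base64");
    const checksum = sum === null ? "absent"
      : Buffer.from(sum, "base64").readUIntBE(0, 3) === crc24(data) ? "ok" : "bad";
    return { label, tag: firstPacketTag(data), checksum };
  });
}

// True only if the file holds at least one block and all are intact public keys.
function safeToShare(text) {
  const blocks = inspectArmor(text);
  return blocks.length > 0 && blocks.every((b) =>
    b.label === "PUBLIC KEY BLOCK" && b.tag === 6 && b.checksum !== "bad");
}

// Constructed sample builder: wraps arbitrary bytes in armor (not real keys).
function armor(label, bytes) {
  const crc = Buffer.alloc(3);
  crc.writeUIntBE(crc24(bytes), 0, 3);
  return `-----BEGIN PGP ${label}-----\n\n${Buffer.from(bytes).toString("base64")}\n` +
    `=${crc.toString("base64")}\n-----END PGP ${label}-----\n`;
}
```

The check reads only the armor label, the first packet header and the checksum; it does not validate the key material itself, which the import step in the application still has to do.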
In message compose mode, you can press the OpenPGP button, which opens a dialog for processing outgoing mail. For signing mail, you'll need your own private key; for encrypting, the public keys of all the recipients are required. For specific recipients, you can enable the Sign and Encrypt option automatically.
When you receive a signed or encrypted message, you'll get an option to verify or decrypt it. For decrypting messages, you only need your private key; for verification, the sender's public key is required.
Note that using OpenPGP has its limitations: only plaintext messages can be processed; attachments and HTML bodies cannot. Once you invoke the OpenPGP tool on the message compose screen, you'll get a prompt for removing message formatting before proceeding with signing or encrypting.