WebMail Pro documentation

PGP encryption in Files

Starting from v8.5, WebMail Pro lets users encrypt their files with strong AES-256 encryption using their existing PGP keys (a new key can be created as well). The process of encryption/decryption occurs right in the browser (or on the mobile device in case of our iOS/Android clients) so the server is never involved in this process. The server never has access to the private keys (they are stored on client devices only) and unencrypted data (that's what we call Paranoid Encryption).

Technically, each file is encrypted with a unique AES-256 key and that key is encrypted with the user's PGP key.

The user can also send links to their encrypted files to external contacts, provided that the PGP public key of that contact is already known to the system. This means the file's unique AES-256 key is encrypted with multiple PGP keys (the file's owner and the recipients'). Again, the process fully takes place on client's devices. This allows for secure storage and exchange of encrypted files which never involves server part.

To start using Paranoid Encryption, make sure the user has "Paranoid Encryption" enabled in the Settings. Also, in OpenPGP tab the user must import existing or generate new PGP private and public keys.

To add PGP public keys for another user, you can simply import the key through OpenPGP tab of Settings screen, the same way you add your own keys. You can also do that in Contacts: select the contact, Edit Contact, Show additional fields, and then copy/paste the key contents in Public PGP key field.

OpenPGP Key 1

Note: in case if you're migrating from an earlier version and already made use of encrypted files, please check PGP encryption changes in v8.5 page.