Nowadays it’s increasingly important to use various online safety measures. In this article, we will explain how
PGP encryption can help you achieve truly secure email communication and how to use PGP encryption in both the
eM Client desktop app and the eM Client mobile app.
When you send a regular email, TLS (Transport Layer Security) encrypts the communication between email servers,
ensuring your data isn’t transmitted in plaintext.
However, TLS only protects the data while it's in transit. If TLS fails or the connection is compromised, the
contents of the email could still be exposed.
This is where PGP (Pretty Good Privacy) encryption comes in.
PGP encrypts your email data end-to-end, ensuring it remains secure regardless of the connection’s security.
Even if TLS fails to protect your data in transit, or the email server is attacked, PGP keeps your data
encrypted until it's decrypted with the correct key.
PGP uses asymmetric encryption: there is always a key pair consisting of a private key
and a public key.
Your private key is used to digitally sign your emails, confirming they were sent by you. It is also used to decrypt incoming emails.
Your private key should always be kept safe and should not be shared with anyone.
Meanwhile, your public key is shared with others, allowing them to send encrypted emails to
you and verify your digital signature.
Read all about the important
technical aspects of PGP here.
We will guide you through setting up PGP data encryption in the eM Client desktop and mobile apps, so you have
that extra layer of security for all your private data.
Let’s look at the PGP encryption settings in the eM Client desktop app.
How to use PGP encryption in the eM Client desktop app
PGP can be enabled when you first set up your e-mail account. If you haven’t done that, there is always the
option to set it up later.
To start using PGP email encryption in our desktop app, go to Settings > Signing and Encryption >
Certificates and Keys. Click on the “Manage Certificates/Keypairs” button:
If you already have a PGP keypair, you will find the Import feature under the Manage
Certificates/Keypairs section. To import your public and private keys from a file, click on the
“Import” button. When you select “Import”, you will be able to choose the
keypair files from your local files.
In case this is your first time using PGP, create a new key pair by clicking on the “Create a PGP
keypair” button.
A pop-up window will show up where you name your key pair and set up a password to protect it:
There is an option to choose the key size in bits - 1024, 2048, or 4096 bits:
Generally, the bigger the key size, the more secure it is.
Once you configure your settings and set a password, an ASC file with your private key is
created and saved on your computer. For optimal security, store it in a safe location and back it up on a secure
external USB drive or cloud storage.
Your public key has to be shared with the people you want to communicate with - to do this, use
the Send function in Settings > Signing and Encryption > Certificates and Keys. After you
double-click on your key pair, a pop-up window will appear.
Click “Send” to automatically compose a new email with the public key attached.
After sending your public key, contact the people you want to share it with separately (via phone or in person)
to verify the key’s fingerprints match.
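The fingerprint comparison described above can also be run against the received .asc file directly. This is an added example, not eM Client code: it assumes a version 4 OpenPGP public key, the function names are illustrative, and SAMPLE_BODY and SAMPLE_ASC are constructed test data rather than a real key.

```python
import base64, hashlib

def dearmor(asc: str) -> bytes:
    """Return the binary OpenPGP data inside an ASCII-armored public key."""
    lines = [l.strip() for l in asc.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK"):
        raise ValueError("not an armored public key")
    start = lines.index("") + 1          # armor headers end at the blank line
    body = [l for l in lines[start:] if not l.startswith(("=", "-----"))]
    return base64.b64decode("".join(body), validate=True)

def public_key_body(data: bytes) -> bytes:
    """Body of the first packet, which must be a v4 public key (tag 6)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:                       # new-format header
        tag, first = hdr & 0x3F, data[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial length is not valid here")
    else:                                # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not valid here")
        n = 1 << ltype                   # 1, 2 or 4 length octets
        length, off = int.from_bytes(data[1:1 + n], "big"), 1 + n
    if tag != 6 or data[off] != 4:
        raise ValueError("expected a version 4 public key packet")
    return data[off:off + length]

def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 v4 fingerprint: SHA-1 over 0x99, 2-octet length, packet body."""
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def fingerprints_match(asc: str, spoken: str) -> bool:
    """True only if all 40 hex digits read out by the owner match the file."""
    want = "".join(spoken.split()).upper()
    return len(want) == 40 and want == v4_fingerprint(public_key_body(dearmor(asc)))

# Constructed sample, not a real key: v4 RSA packet with made-up numbers.
SAMPLE_BODY = b"\x04" + bytes(4) + b"\x01\x01\x00\x80" + bytes(29) + b"\x30\x39\x00\x11\x01\x00\x01"
SAMPLE_ASC = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n%s\n-----END PGP PUBLIC KEY BLOCK-----\n" % (
    base64.b64encode(b"\x99\x00\x2d" + SAMPLE_BODY).decode())
```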
The “Export” button lets you export the public key or the complete key pair, or export
your key pair to your mobile device using a QR code:
You can export your entire PGP keypair as a QR code, which is quite convenient. However, it's crucial to
remember that you should never share your full keypair with anyone, no matter the situation.
Always share only your PGP public key.
You can also upload your public key to the major public key sharing websites - keys.openPGP.org and eM Keybook.
More on eM Client Keybook here.
Either upload it to the eM Client Keybook during the key pair creation or later on in the “Manage
Certificates/Keypairs” section:
To be able to access the upload feature, make sure the Key Lookup Services are enabled in Settings >
Signing and Encryption > Key Lookup Services:
If you choose to share your public key through one of these services, you make it easier for people to send you
encrypted emails.
You may need to remove a public key if it expires or if you lose the corresponding private key.
In such cases, it's important to create a new key pair to replace the old one.
The uploaded public keys can always be deleted later in the “Manage Certificates/Keypairs”
section by right-clicking on the public key and choosing “Remove from…”:
PGP Encryption and Digital Signatures in Practice
Now that you have set up PGP encryption in the eM Client desktop app and shared your public key by either
sending it out or uploading it to a Key Lookup service, let’s discuss how the encryption and decryption process
works in practice.
In eM Client, both you and the recipient must create a PGP key pair and exchange public keys. Only then can you
send encrypted emails to each other.
It's important to note that you and your recipient need to use the same encryption method - either PGP or S/MIME.
eM Client supports S/MIME, which is widely used by companies and government organizations. However, it requires
a paid certificate issued by a centralized certificate authority (CA).
In contrast, PGP is free and easier to set up, making it a more accessible option for many users, mainly
individual users.
When composing a new email, you will see a lock icon in the top toolbar of the compose window - hover over it,
and “Encrypt” will show up:
The Encrypt and Sign icons will only show up in the top toolbar once you create a keypair and enable
encryption.
Once you click on the lock icon, it will turn on the encryption for the email you compose. The button should
have a grey background when the encryption is turned on:
The same goes for the built-in digital signature feature. By clicking on the digital
signature icon that looks like a seal, a digital signature will be included in your message:
Your emails will show that you signed them digitally, so the recipient will have no doubts about the sender’s
identity:
Once you send the email, the sent copy will be saved in your Sent folder, encrypted by your private key, and
thus kept safe from any potential threat:
If you want to decrypt it, you will be asked to enter your password:
The same pop-up will show up if you want to decrypt any encrypted email in your inbox.
Entering your password for each new email might get tedious.
If you want to make your life a bit easier, go to Settings > Signing and Encryption > General,
where you can enable eM Client to remember the entered key password - until the application exits, for 5 minutes,
never or forever. Select the option that best suits your preferences and workflow. It’s important not to use the
“Forever” option if there’s a chance someone else could access your device or if it could be stolen. This could
expose your identity, as a thief could easily use your digital signature.
If you do not want to turn on encryption and digital signature manually each time you compose an email, set a
policy for each of your accounts by heading to Settings > Signing and Encryption > Account
Policies:
Either select a policy for all of your accounts or a different policy for each, depending on your needs.
By choosing “Encrypt messages by default” and “Digitally sign messages by
default”, all of the emails you send will be encrypted, as long as you have the public PGP key of
the recipients and have set up your own PGP key pair.
Setting up PGP encryption in the eM Client mobile app
You will find the encryption settings in the main Settings menu under Signing & Encryption:
In the General section, the mobile app offers the additional use of biometrics to protect your passwords:
Under the Certificates section, you can create a new key pair. There is also an option to import an existing key
pair using a QR code. This means you can use the same key pair for both your desktop application and your mobile
application.
You will find the export option in your desktop app under Settings > Signing and Encryption >
Certificates and Keys > Manage Certificates/Keypairs:
The same Account Policies and Key Lookup Services options are available in the mobile app:
PGP encryption provides an essential layer of security for your email communications, protecting your private
data from potential threats. When using eM Client’s desktop and mobile apps, you can easily set up and manage PGP
encryption, ensuring that your emails are encrypted and signed for authenticity. Whether you’re using PGP for
personal privacy or professional communication, this method offers a reliable way to protect sensitive
information and maintain control over your data.