Easily Encrypt & Sign Email with Zimbra and OpenPGP

9 Nov, 2016 John W. Collaboration, Email, Exchange Replacement, Hosting, Mail Server, Office365, open source, Open Source Edition, Security & Safety, Zimbra

The OpenPGP Zimlet allows XMission Zimbra webmail to encrypt and sign email messages. It is available to XMission Zimbra Premium or Personal Premium mailboxes.

OpenPGP encryption prevents your messages from being opened by anyone other than the intended recipient. It will prevents your message from being altered or changed by anyone other than yourself, maintaining the authenticity of your content. XMission strongly supports and encourages the use of encryption.

What is a Zimlet? – Zimlets are add-on features to your Zimbra webmail that enhance the functionality of your Zimbra client.
What is PGP/OpenPGP? – PGP stands for “Pretty Good Privacy”. It is an encryption method shared between two people that have exchanged public and private keys to one another.
What is a Public/Private Key? – Both Public and Private keys are two unique cryptographic keys that work together to both encrypt and decrypt information, in this case, in plain text.
What email applications support Encryption? Most modern email and webmail applications can support PGP key encryption technology including Zimbra webmail, Microsoft Outlook, Thunderbird, and more.

Note: Your public key may be shared with others, while your private key remains secret to yourself and your Zimbra OpenPGP Zimlet.

This post is a generalized version of the Open PGP Zimlet wiki. You can reference this and the author’s wiki page for up to date modifications and comprehensive technical details.

How It All Works

By creating a message that is encrypted with the OpenPGP Zimlet, only recipients with a matching private key are able to decrypt and read your email. The OpenPGP Zimlet makes this process as simple as clicking a few buttons in your Zimbra webmail. After composing your email, you may click the “Encrypt message” option.

Note: Only Plain Text emails are encrypted. This Zimlet automatically converts your message to plain text when you click “Encrypt message”.

OpenPGP Zimlet Setup Guide

If you already use PTP/GPG please import your existing key. For those new to encryption this is how to quickly and easily generate your key pair for everyday use.

1. Open your Preferences in Zimbra webmail.

2. Navigate to “Zimlets”.

3. Check the box for “OpenPGP”.

4. Return to your “Mail” tab and expand the “Zimlets” options to find “OpenPGP”.

5. Right click on “OpenPGP” and select “Generate Key Pair”. You are presented with three key length options; 1024, 2048, and 4096. The longer the key, the more secure the data. Please understand that the larger the key, the longer your browser will take to encrypt messages and for the receiving application to decrypt messages. XMission recommends 2048. As mentioned above, if you already use PTP/GPG please import your existing key.

6. After generating your Key Pair, it will look similar to the message below:

How to Send and Receive Public Keys

1. To send your public key, simply right click the OpenPGP zimlet under the “Zimlets” windows and select “Send someone my public key”.

2. To receive a public key from someone, they will need to send you their key. Zimbra webmail will automatically detect the presence of a public key when you load an email that contains one. You will receive a notice similar to the picture below:

Some organizations and individuals may utilize trusted external keyservers. This Zimlet supports keyserver use.

Auto Decrypt

You can enable/disable the “Auto decrypt” option, inside the “Manage Keys” menu.

How to Send Encrypted Messages with OpenPGP

1. Compose the body of email, enter Subject, and click “Encrypt Message”.

2. You will be prompted to select message recipients from others you have public keys for. Now is when you add any attachments to be encrypted. Any attachments added outside of this field will not be encrypted. Next, click “OK”.

3. Your encrypted message appears in the compose window. The Subject line is not encrypted. Click “Send” button to complete.

Managing your contacts Public Keys

When you accept public keys, the OpenPGP Zimlet automatically adds them to your “Managed Keys” under the “Public Keys” section. This is unique to the user that sent them.

Importing your own PGP Private Key to OpenPGP

If you already have your own PGP Private Key, you can simply paste your key into the Private Key field inside the “Manage Keys” section of the OpenPGP zimlet.

About Private Key Security

It is important to keep your private key secure when using public key cryptography methods such as such as PGP. You should NEVER share your private key with anyone under any circumstances.

With that said, please note that the OpenPGP Zimlet does NOT store your private key on our servers. If you choose to “store” your private key, it will be stored in your browser, not on XMIssion’s servers. It is stored with AES-256 encryption. If you choose to store the passphrase to your key, that passphrase can be stored either on our servers or in your browser’s local storage. If you store your passphrase, it is potentially possible for somebody with access to your computer to acquire your unencrypted private key.

You can also choose to store nothing, providing your private key and passphrase manually every time you need to sign or encrypt a message.

We recommend storing your key, but not your passphrase, in your browser. This provides a good balance between security and convenience.

Zimbra Desktop

Those using the Zimbra Desktop application this Zimlet is not compatible for install. You will need to log in to your webmail to utilize this Zimlet.

Special Thanks

We want to thank Barry DeGraaff for creating the OpenPGP zimlet and the Zetalliance for their on-going contributions to the Zimbra platform.

Please comment, post questions, or share your experiences below.

John Webster, XMission Email Product Manager and Zimbra evangelist, has worked at XMission for over 20 years doing his favorite thing: helping companies communicate with customers through technology to grow their business. When he’s not uncovering Zimbra’s secrets you might find him in our beautiful Utah mountains. Connect with him on LinkedIn today!