{"id":4475,"date":"2016-11-09T11:48:29","date_gmt":"2016-11-09T18:48:29","guid":{"rendered":"https:\/\/xmission.com\/blog\/?p=4475"},"modified":"2017-01-12T14:47:22","modified_gmt":"2017-01-12T21:47:22","slug":"easily-encrypt-sign-email-with-zimbra-and-openpgp","status":"publish","type":"post","link":"https:\/\/xmission.com\/blog\/2016\/11\/09\/easily-encrypt-sign-email-with-zimbra-and-openpgp","title":{"rendered":"Easily Encrypt &#038; Sign Email with Zimbra and OpenPGP"},"content":{"rendered":"<p>The OpenPGP Zimlet allows XMission Zimbra webmail to encrypt and sign email messages. It is available to XMission\u00a0<a class=\"external text\" href=\"https:\/\/xmission.com\/email\" target=\"_blank\" rel=\"nofollow\">Zimbra Premium<\/a> or <a class=\"external text\" href=\"https:\/\/xmission.com\/personal_email\" target=\"_blank\" rel=\"nofollow\">Personal Premium<\/a>\u00a0mailboxes.<\/p>\n<p>OpenPGP encryption prevents your messages from being opened by anyone other than the intended recipient. It will prevents your message from being altered or changed by anyone other than yourself, maintaining the authenticity of your content. XMission strongly <a href=\"https:\/\/xmission.com\/blog\/2015\/05\/19\/an-honest-discussion-about-data-privacy-open-source-and-communications-security\">supports and encourages<\/a> the use of encryption.<\/p>\n<ul>\n<li><i>What is a <b>Zimlet<\/b>?<\/i> &#8211; Zimlets are add-on features to your Zimbra webmail that enhance the functionality of your Zimbra client.<\/li>\n<li><i>What is <b>PGP\/OpenPGP<\/b>?<\/i> &#8211; PGP stands for &#8220;<b>P<\/b>retty <b>G<\/b>ood <b>P<\/b>rivacy&#8221;. It is an encryption method shared between two people that have exchanged public and private keys to one another.<\/li>\n<li><i>What is a <b>Public\/Private Key?<\/b><\/i> &#8211; Both Public and Private keys are two unique cryptographic keys that work together to both encrypt and decrypt information, in this case, in plain text.<\/li>\n<li>What email applications support <strong>Encryption?<\/strong>\u00a0Most modern email and webmail applications can support PGP key encryption technology including Zimbra webmail, Microsoft Outlook, Thunderbird, and more.<\/li>\n<\/ul>\n<p><b>Note:<\/b> Your <b>public<\/b> key may be shared with <i>others<\/i>, while your <b>private<\/b> key remains <i>secret<\/i> to yourself and your Zimbra OpenPGP Zimlet.<\/p>\n<p>This post is a generalized\u00a0version of the <a href=\"https:\/\/wiki.xmission.com\/OpenPGP_Zimlet\" target=\"_blank\">Open PGP Zimlet wiki<\/a>. You can reference this and the author&#8217;s <a href=\"https:\/\/github.com\/Zimbra-Community\/pgp-zimlet\">wiki page<\/a> for up to date modifications and comprehensive\u00a0technical details.<\/p>\n<h3><span id=\"How_It_All_Works\" class=\"mw-headline\">How It All Works<\/span><\/h3>\n<hr \/>\n<p>By creating a message that is encrypted with the OpenPGP Zimlet, only recipients with a matching private key are able to decrypt and read your email. The OpenPGP Zimlet makes this process as simple as clicking a few buttons in your Zimbra webmail. After composing your email, you may click the &#8220;Encrypt message&#8221; option.<\/p>\n<p><b>Note:<\/b>\u00a0Only\u00a0<b>Plain Text<\/b>\u00a0emails are encrypted. This Zimlet automatically converts your\u00a0message to plain text when you click &#8220;Encrypt message&#8221;.<\/p>\n<p><a href=\"http:\/\/wiki.xmission.com\/images\/8\/8b\/Email-encryption-graphic.png\"><img decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/8\/8b\/Email-encryption-graphic.png\" alt=\"Email-encryption-graphic.png\" width=\"100%\" style=\"margin-bottom:1em\" \/><\/a><\/p>\n<h3><span id=\"OpenPGP_Zimlet_Setup_Guide\" class=\"mw-headline\">OpenPGP Zimlet Setup Guide<\/span><\/h3>\n<hr \/>\n<p>If you already use PTP\/GPG please\u00a0<a href=\"https:\/\/wiki.xmission.com\/OpenPGP_Zimlet#Importing_your_own_PGP_Private_Key_to_OpenPGP\" target=\"_blank\">import your\u00a0existing key<\/a>. For those new to encryption this is how to quickly and easily generate your key pair for everyday use.<\/p>\n<p>1. Open your <b>Preferences<\/b> in Zimbra webmail.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/images\/c\/c1\/Preferences.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/thumb\/c\/c1\/Preferences.png\/500px-Preferences.png\" alt=\"Preferences.png\" width=\"500\" height=\"90\" \/><\/a><\/p>\n<p>2. Navigate to <b>&#8220;Zimlets&#8221;<\/b>.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Zimlets1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/9\/9b\/Zimlets1.png\" alt=\"Zimlets1.png\" width=\"199\" height=\"519\" \/><\/a><\/p>\n<p>3. Check the box for <b>&#8220;OpenPGP&#8221;<\/b>.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Openpgpzimletsmall.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/1\/13\/Openpgpzimletsmall.png\" alt=\"Openpgpzimletsmall.png\" width=\"503\" height=\"139\" \/><\/a><\/p>\n<p>4. Return to your <b>&#8220;Mail&#8221;<\/b> tab and expand the <b>&#8220;Zimlets&#8221;<\/b> options to find <b>&#8220;OpenPGP&#8221;<\/b>.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Openzimlets.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/8\/85\/Openzimlets.png\" alt=\"Openzimlets.png\" width=\"193\" height=\"334\" \/><\/a><\/p>\n<p>5. Right click on <b>&#8220;OpenPGP&#8221;<\/b> and select <b>&#8220;Generate Key Pair&#8221;<\/b>. You are presented with three key length options; 1024, 2048, and 4096. The longer the key, the more secure the data. Please understand that the larger the key, the longer your browser will take to encrypt messages and for the receiving application to decrypt messages. XMission recommends 2048.\u00a0As mentioned\u00a0above, if you already use PTP\/GPG please\u00a0<a href=\"https:\/\/wiki.xmission.com\/OpenPGP_Zimlet#Importing_your_own_PGP_Private_Key_to_OpenPGP\" target=\"_blank\">import your\u00a0existing key<\/a>.<\/p>\n<p><a class=\"image\" href=\"https:\/\/wiki.xmission.com\/File:Genkeypair.png\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/wiki.xmission.com\/images\/5\/5a\/Genkeypair.png\" alt=\"Genkeypair.png\" width=\"311\" height=\"208\" \/><\/a><\/p>\n<p>6. After generating your Key Pair, it will look similar to the message below:<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Generatedkeypair.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/thumb\/8\/89\/Generatedkeypair.png\/500px-Generatedkeypair.png\" alt=\"Generatedkeypair.png\" width=\"500\" height=\"250\" \/><\/a><\/p>\n<h3><span id=\"How_to_Send_and_Receive_Public_Keys\" class=\"mw-headline\">How to Send and Receive Public Keys<\/span><\/h3>\n<hr \/>\n<p>1. To send your public key, simply <b>right click<\/b> the OpenPGP zimlet under the &#8220;Zimlets&#8221; windows and select <b>&#8220;Send someone my public key&#8221;<\/b>.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Sendsomeonekey.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/5\/5e\/Sendsomeonekey.png\" alt=\"Sendsomeonekey.png\" width=\"278\" height=\"224\" \/><\/a><\/p>\n<p>2. To receive a public key from someone, they will need to send you their key. Zimbra webmail will automatically detect the presence of a public key when you load an email that contains one. You will receive a notice similar to the picture below:<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Receivedkey.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/thumb\/d\/d5\/Receivedkey.png\/500px-Receivedkey.png\" alt=\"Receivedkey.png\" width=\"500\" height=\"146\" \/><\/a><\/p>\n<p>Some organizations and individuals may utilize trusted <a href=\"https:\/\/pgp.mit.edu\" target=\"_blank\">external keyservers.<\/a>\u00a0This Zimlet supports keyserver use.<\/p>\n<h3><span id=\"Auto_Decrypt\" class=\"mw-headline\">Auto Decrypt<\/span><\/h3>\n<hr \/>\n<ul>\n<li>You can <b>enable\/disable<\/b> the &#8220;Auto decrypt&#8221; option, inside the &#8220;Manage Keys&#8221; menu.<\/li>\n<\/ul>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Autodecrypt.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/thumb\/b\/b4\/Autodecrypt.png\/500px-Autodecrypt.png\" alt=\"Autodecrypt.png\" width=\"500\" height=\"441\" \/><\/a><\/p>\n<h3><span id=\"How_to_Send_Encrypted_Messages_with_OpenPGP\" class=\"mw-headline\">How to Send Encrypted Messages with OpenPGP<\/span><\/h3>\n<hr \/>\n<p>1. Compose the body of\u00a0email, enter Subject, and click\u00a0<b>&#8220;Encrypt Message&#8221;<\/b>.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Encryptmssg.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/thumb\/1\/12\/Encryptmssg.png\/500px-Encryptmssg.png\" alt=\"Encryptmssg.png\" width=\"500\" height=\"319\" \/><\/a><\/p>\n<p>2. You will be prompted to select message recipients from others you have public keys for. Now is when you\u00a0add any attachments to be encrypted. Any attachments added outside\u00a0of this field\u00a0<em>will not be encrypted<\/em>. Next, click &#8220;OK&#8221;.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Finishingmessage.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/thumb\/2\/28\/Finishingmessage.png\/500px-Finishingmessage.png\" alt=\"Finishingmessage.png\" width=\"500\" height=\"394\" \/><\/a><\/p>\n<p>3. Your encrypted message appears in the compose window. The Subject line is not encrypted. Click &#8220;Send&#8221; button to complete.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Finishedpgp.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/thumb\/1\/15\/Finishedpgp.png\/500px-Finishedpgp.png\" alt=\"Finishedpgp.png\" width=\"500\" height=\"431\" \/><\/a><\/p>\n<h3><span id=\"Managing_your_contacts_Public_Keys\" class=\"mw-headline\">Managing your contacts Public Keys<\/span><\/h3>\n<hr \/>\n<p>When you accept public keys, the OpenPGP Zimlet automatically adds them to your <b>&#8220;Managed Keys&#8221;<\/b> under the <b>&#8220;Public Keys&#8221;<\/b> section. This is unique to the user that sent them.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Managepubkeys.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/thumb\/4\/43\/Managepubkeys.png\/500px-Managepubkeys.png\" alt=\"Managepubkeys.png\" width=\"500\" height=\"440\" \/><\/a><\/p>\n<h3><span id=\"Importing_your_own_PGP_Private_Key_to_OpenPGP\" class=\"mw-headline\">Importing your own PGP Private Key to OpenPGP<\/span><\/h3>\n<hr \/>\n<p>If you already have your own PGP Private Key, you can simply paste your key into the Private Key field inside the <b>&#8220;Manage Keys&#8221;<\/b> section of the OpenPGP zimlet.<\/p>\n<p><a class=\"image\" href=\"http:\/\/wiki.xmission.com\/File:Privatekey1.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/wiki.xmission.com\/images\/thumb\/a\/a1\/Privatekey1.png\/500px-Privatekey1.png\" alt=\"Privatekey1.png\" width=\"500\" height=\"443\" \/><\/a><\/p>\n<h3>About Private Key Security<\/h3>\n<hr \/>\n<p>It is important to keep your private key secure when using public key cryptography methods such as such as PGP. You should <strong>NEVER<\/strong>\u00a0share your private key with anyone under any circumstances.<\/p>\n<p>With that said, please note that the OpenPGP Zimlet does NOT store your private key on our servers. If you choose to &#8220;store&#8221; your private key, it will be stored <em>in your browser, <b>not on XMIssion&#8217;s\u00a0servers<\/b><\/em>. It is stored with AES-256 encryption. If you choose to store the passphrase to your key, that passphrase can be stored either on our servers or in your browser&#8217;s local storage. If you store your passphrase, it is potentially possible for somebody with access to your computer to acquire your unencrypted private key.<\/p>\n<p>You can also choose to store nothing, providing your private key and passphrase manually every time you need to sign or encrypt a message.<\/p>\n<p>We recommend storing your key, but not your passphrase, in your browser. This provides a good balance between security and convenience.<\/p>\n<h3><span id=\"Zimbra_Desktop\" class=\"mw-headline\">Zimbra Desktop<\/span><\/h3>\n<hr \/>\n<p>Those using the Zimbra Desktop application this Zimlet is not compatible for install. You will need to log in to your webmail to utilize this Zimlet.<\/p>\n<h3><span id=\"Zimbra_Desktop\" class=\"mw-headline\">Special Thanks<\/span><\/h3>\n<hr \/>\n<p>We want to thank Barry DeGraaff for creating the <a class=\"external text\" href=\"https:\/\/www.zimbra.org\/extend\/items\/view\/zimbra-openpgp-zimlet\" target=\"_blank\" rel=\"nofollow\">OpenPGP<\/a> zimlet and the <a class=\"external text\" href=\"https:\/\/www.zimbra.org\/extend\/users\/view\/zetalliance\" target=\"_blank\" rel=\"nofollow\">Zetalliance<\/a> for their on-going contributions to the Zimbra platform.<\/p>\n<p>Please comment, post questions, or share your experiences below.<\/p>\n<p><em><a title=\"Connect with me on LinkedIn, john801\" href=\"mailto:john@xmission.com\" target=\"_blank\">John Webster<\/a>, \u00a0XMission Email Product Manager and Zimbra evangelist, has worked at <a title=\"Go, XMission!\" href=\"https:\/\/xmission.com\/\" target=\"_blank\">XMission<\/a> for over 20 years doing his favorite thing: helping companies communicate with\u00a0customers\u00a0through\u00a0technology to grow their\u00a0business. When he\u2019s not uncovering <a title=\"More Zimbra tips from John\" href=\"http:\/\/xmission.com\/blog\/?s=zimbra&amp;searchsubmit=Search\" target=\"_blank\">Zimbra\u2019s secrets<\/a>\u00a0you might find him in our beautiful Utah mountains. \u00a0<a title=\"Connect with me on LinkedIn, john801\" href=\"https:\/\/www.linkedin.com\/in\/john801\" target=\"_blank\">Connect with him on LinkedIn today!<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The OpenPGP Zimlet allows XMission Zimbra webmail to encrypt and sign email messages. It is available to XMission\u00a0Zimbra Premium or Personal Premium\u00a0mailboxes. OpenPGP encryption prevents your messages from being opened by anyone other than the intended recipient. It will prevents your message from being altered or changed by anyone other than yourself, maintaining the authenticity [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[449,253,255,180,396,458,310,468,3,39],"tags":[562,564,563],"class_list":["post-4475","post","type-post","status-publish","format-standard","hentry","category-collaboration","category-email-2","category-exchange-replacement","category-hosting","category-mail-server","category-office365","category-open-source","category-open-source-edition","category-security-safety","category-zimbra","tag-openpgp","tag-zetalliance","tag-zimlet"],"_links":{"self":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts\/4475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/comments?post=4475"}],"version-history":[{"count":28,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts\/4475\/revisions"}],"predecessor-version":[{"id":4711,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/posts\/4475\/revisions\/4711"}],"wp:attachment":[{"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/media?parent=4475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/categories?post=4475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xmission.com\/blog\/wp-json\/wp\/v2\/tags?post=4475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}