eMail Encryption

"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on." - Edward Snowden (US-American whistleblower, born 1983)

The principle

For example, let's say you want to send pmlink a message that contains confidential information. You will need a key from pmlink in the form of a small file. You can download this public key from the website, or it can be sent to you by email.

You then import this key into your certificate management, create your message, and sign it by typing your password before sending it. The main advantage: only pmlink will be able to decrypt your message. To do so, pmlink only requires its own password, not yours. This works because you have used the public part of pmlink's key.

In short: Once installed, each participant needs the public key of the given recipient, and if this is stored in key management, only their own password is needed to ensure secure communications.

Required software and plug-ins

  • PGP (Pretty Good Privacy), an open-source encryption program incl. key management - it contains all recipients' keys, as well as your own public and private keys.
  • an email client – like Thunderbird or Outlook. Web browser email is unfortunately only marginally supported.
  • generally a plug-in for this email client:

Your first encrypted message in 3 steps

Step 1 - Install PGP and key management

The following steps assume that you already use an email client and possess administrative rights for your computer.

  • Windows installation: Download a full version of PGP incl. the key management "Kleopatra" at http://www.gpg4win.de.
  • Mac installation: Download the PGP suite at https://gpgtools.org.
  • Linux installation: Install the key management named "Kleopatra" from your distribution's application management / software installation.

Security comes first: To verify that the correct package has been downloaded without errors, platforms often publish hash values for their downloads. Each one begins with the hash method, for example SHA1, SHA-256 or MD5, and ends with a long sequence of letters and numbers.
After downloading the program, you can calculate the hash value of the file and compare it with the value on the platform. If they are identical, there has been no tampering/corruption. You need a hash calculation program for this, for example HashCheck, which can be downloaded e.g. at heise.de.
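The comparison described above, as an added example in Python (not part of the original page or of any tool it names): it parses a published line that begins with the hash method and ends with the hex value, hashes the downloaded file and compares the two. The function names and the accepted line format are assumptions, and the sample file is constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Labels seen on download pages, mapped to hashlib names.
ALGORITHMS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}
# MD5 and SHA-1 still catch transfer errors but are not collision resistant.
WEAK = {"md5", "sha1"}


def parse_published(line):
    """Split a line such as 'SHA-256: ab12 ...' into (hashlib name, hex digest)."""
    match = re.fullmatch(r"\s*([A-Za-z0-9-]+)\s*[:=]?\s*([0-9A-Fa-f\s]+)", line)
    if not match:
        raise ValueError("unrecognised checksum line")
    label = match.group(1).upper().replace("-", "")
    if label not in ALGORITHMS:
        raise ValueError("unsupported hash method: " + match.group(1))
    algo = ALGORITHMS[label]
    digest = re.sub(r"\s+", "", match.group(2)).lower()
    if len(digest) != hashlib.new(algo).digest_size * 2:
        raise ValueError("digest length does not fit " + match.group(1))
    return algo, digest


def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so a large installer need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_line):
    """Return (matches, weak_method) for a downloaded file and the published line."""
    algo, expected = parse_published(published_line)
    return hmac.compare_digest(file_digest(path, algo), expected), algo in WEAK


if __name__ == "__main__":
    # Constructed sample: a stand-in "installer" holding the bytes b"abc".
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"abc")
    os.close(fd)
    line = "SHA-256: BA7816BF 8F01CFEA 414140DE 5DAE2223 B00361A3 96177A9C B410FF61 F20015AD"
    print(verify_download(sample, line))
    os.remove(sample)
```

The second value in the result is True when the platform only offered MD5 or SHA1; where a SHA-256 value is published as well, compare against that one.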

Step 2 - Create a key pair

After installing and starting the "Kleopatra" key management, generate a new certificate, i.e.

  • a key pair (public + private) for your already existing email address, which you also intend to use for secure communication.
  • You need a password for your secret key.

A key strength of 2048 bits is sufficient. In the event that you forget your password, you can revoke your public key via a revocation certificate.

Step 3 - Send or receive a message

Import the key you downloaded from pmlink into "Kleopatra" as a certificate. You can see the fingerprint of the public key under certificate details. This should be the same as the fingerprint on the pmlink contact page. If this is the case, you may decide to increase the trustworthiness of the key holder. If you are unsure, it is best to confirm the fingerprint by telephone.

After receiving a message, simply enter your personal password, and the message will then be readable in plain text.

You can find more information about IT security shortly on the securlink website at www.securlink.de. I am looking forward to your visit!