Encrypt your mails using PGP & Roundcube

Requirements:
  • You have an account at console.online.net
  • You have a web or cloud hosting account
  • You have configured an email account

This tutorial explains how to encrypt your mail with PGP for more secure communication, either from the webmail or with a client on your local computer.

Since version 1.2, Roundcube, the webmail used by Online.net to read your e-mails, offers options to encrypt your mails with PGP, helping to ensure:

  • Confidentiality of mails
  • Assurance that the sender is who he claims to be

Keep in mind that a PGP-signed email has a non-repudiation character: once the email is sent and received, you cannot say “it was not me who sent it”.

Therefore you should think twice before you send a signed mail.

Roundcube currently offers two ways to encrypt your mails: Enigma & Mailvelope.

The main difference is that Enigma works on the server side. This means all encryption is done on the server of Online.net and that your private key is therefore stored on it.
You therefore have to fully trust the server of Online.net if you want to use this solution.

Mailvelope works on the client side (by using a browser extension).

Enigma - The "server-side" solution

This option is currently only available for CLOUD hosting offers. It is not yet available for WEB hosting offers.

Manage your identities

As a first step, you have to create the identity associated with your PGP key.
Go to Roundcube's settings:

Then access the Identities section:

An identity is normally already created. You can edit it; it has to contain at least the correct Display Name.

PGP key management

Once you have correctly entered your identity, you have to access the PGP Keys menu to create your PGP key.

If you already have a key, you can import it from this page.

Note that Enigma does not yet support the publication & retrieval of PGP keys on the Web of Trust.
Therefore, if you want to publish your key or retrieve the keys of your contacts, you'll have to do it manually.
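
Since publication is manual, it helps to confirm that an exported file holds public-key material only before you upload or mail it. The Python sketch below is an added example, not code from this tutorial, Roundcube or Enigma: it reads the OpenPGP packet tags defined in RFC 4880 instead of trusting the armor label. The helper names (dearmor, packet_tags, safe_to_publish, armor) are hypothetical, and the two sample blocks are constructed with dummy packet bodies, not real keys.

```python
import base64

SECRET_TAGS, PUBLIC_TAG = {5, 7}, 6   # RFC 4880 tags: secret key/subkey, public key

def dearmor(text):
    """Return the binary packets of one armored block (checksum line ignored)."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP ") or "" not in lines:
        raise ValueError("not an ASCII-armored PGP block")
    body = lines[lines.index("") + 1:-1]   # skip armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def packet_tags(data):
    """List the packet tags found in a binary OpenPGP packet sequence."""
    tags, i = [], 0
    while i < len(data):
        first = data[i]
        if not first & 0x80:
            raise ValueError("invalid packet header")
        if first & 0x40:                       # new-format header
            tag, n = first & 0x3F, data[i + 1]
            if n < 192:
                size, i = n, i + 2
            elif n < 224:
                size, i = ((n - 192) << 8) + data[i + 2] + 192, i + 3
            elif n == 255:
                size, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body length in key material")
        else:                                  # old-format header
            tag, width = (first >> 2) & 0x0F, 1 << (first & 3)
            if width == 8:
                raise ValueError("indeterminate packet length")
            size, i = int.from_bytes(data[i + 1:i + 1 + width], "big"), i + 1 + width
        tags.append(tag)
        i += size
    return tags

def safe_to_publish(armored):
    """True only if the block holds a public key and no secret-key packet."""
    tags = packet_tags(dearmor(armored))
    return PUBLIC_TAG in tags and not SECRET_TAGS & set(tags)

def armor(data):   # builds the constructed samples below (dummy bodies, no real keys)
    b64 = base64.b64encode(data).decode()
    return f"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n{b64}\n-----END PGP PUBLIC KEY BLOCK-----\n"

UID = bytes([0xCD, 5]) + b"alice"                           # tag 13, user ID
PUBLIC_SAMPLE = armor(bytes([0xC6, 4]) + bytes(4) + UID)    # tag 6, public key
LEAKY_SAMPLE = armor(bytes([0x94, 4]) + bytes(4) + UID)     # tag 5 under a PUBLIC label
```

LEAKY_SAMPLE is labeled as a public key block on purpose: the check rejects it because the first packet is a secret-key packet, whatever the armor header says.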

You will see the following form:

Now you have to:

  • Select the desired identity
  • Select the size of the key (2048 is proposed as standard. It is sufficient. You can also choose 4096, if required)
  • Enter and confirm the password that protects your private key

Once this is done, save your key.

It will now appear in the list of available keys:

Configuration of general PGP settings

If you want to use PGP regularly, we invite you to keep the first three options activated by default.

  • Sign all messages by default: If enabled, all messages you send will have a character of non-repudiation. The recipient will be sure that you have sent the message.
  • Encrypt all messages by default: This option automatically encrypts all messages with the public key of the addressee (if he uses PGP), so the message will only be readable with his private key.
  • Attach my public PGP key by default: This automatically attaches your public PGP key to all outgoing mails. It allows your PGP-using recipients to verify the signature of a message or to send you encrypted messages, if needed.
  • Keep private key passwords for: The time frame for which Roundcube keeps the password of your private key. Once the time has elapsed, it will ask you for the password when sending mail.

Write a PGP-compliant mail

If you did not enable the PGP options that sign / encrypt your mails by default, you can enable them manually when you write an email.

To do that, click on Encryption in the utility bar.

You can now choose to:

  • Sign the message: Digitally sign this message
  • Encrypt the message: Encrypt this message
  • Attach your public key: Attach my public key

Mailvelope - The "client-side" solution

Mailvelope works on the client side and requires you to install an extension in your browser.

Configuration of the extension

Once you have installed the extension, enter its options:

As for Enigma, you can either create a new key or import an existing one, if you already have one:

You can simply keep all advanced parameters in their default values.

Once your key has been generated or imported, you will be able to see it in the list of available keys in the extension:

Now enter your Roundcube interface and click on the logo of the extension, then on Add:

Mailvelope is now configured to work with your Online.net Webmail.

Write a PGP signed or encrypted mail

Once you have configured the extension, go back to your webmail and open the interface for writing new mails.
You will notice that a small icon of the extension is now visible. Click on it to write an email with PGP:

Once you have clicked on it, a pop-up will appear:

You can write your mail now. Once you have finished, you can choose to sign or encrypt the mail.

You will be asked for the password of your key:

Encrypt/Sign a mail

To encrypt a mail, you have to choose your identity, as well as that of the addressee of your mail, so that it can be encrypted with his public key:

To sign a mail, you simply have to choose your identity:

Send the mail

Once you have been redirected after encrypting and/or signing, your mail will appear in its final form in the window of the extension:

Now simply click on Transfer to transfer your mail into Roundcube's interface.

Once it has been transferred, you can easily send the mail as usual from your webmail interface:

Discover more

Mailvelope also offers other options & possibilities for the management of your PGP signed mails.

Feel free to visit their Internet site & their documentation!