End-to-End Encryption and Digital Signing

A quick guide to E2EE and digital signatures

  1. End-to-End Encryption (E2EE)
    It is a method for keeping data encrypted while it moves from the source to the destination. In End-to-End Encryption, the data is encrypted on the sender's system and only the intended recipient is able to decrypt it. Nobody in between (an internet service provider, application service provider, hacker, ...) can read it or tamper with it, which provides a great deal of confidentiality and protection for all of your communications.
  2. Digital Signature
    It is the equivalent of a handwritten signature or stamped seal, but with far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications. It gives absolute authenticity and integrity to all of your messages.

The process

Simply said

How to

  1. How to generate your Personal key?
    1. Go to Settings > Messages > Encryption and click on Add personal key.
    2. Click on Generate a new personal key.
        - Select the email address for which you would like to generate your key pair.
        - Set an expiration date OR set the key to not expire.
        - Type your passphrase and confirm it by entering it again.
        - Tick the box Publish on Public key server, which uploads your public key to the public key server, a common place where other people's public keys reside.

        This is a non-reversible process. It also publishes your given name along with your associated email address, which you will not be able to delete or modify. However, this allows other users to find your public key easily.

        - Then click on Generate a new personal key.

        Optional: Generate your revocation certificate (strongly recommended) and place it on the safest digital storage that you have. It will allow you to revoke your Personal Key if you forget your passphrase or the key is compromised, and let people know that you no longer use this key pair.
  2. How to import your key pair?
    1. Go to Settings > Messages > Encryption and click on Add personal key.
    2. Click on Import a key.
    3. Copy and paste your private key text (ASCII-armoured version) and click on Import or click on Import from file to import your private key via file.
  3. How to export your personal key?
    1. Go to Settings > Messages > Encryption and click on your Personal key.
    2. Click on Export. Place it on your safest digital storage.
  4. How to generate a revocation certificate?

      It is strongly recommended to generate your revocation certificate (right after you generate your key pair) and place it on the safest digital storage that you have. It will allow you to revoke your Personal Key if you forget your passphrase or the key is compromised, and let people know that you no longer use this key pair.

    1. Go to Settings > Messages > Encryption and click on your Personal key.
    2. Click on Generate a revocation certificate.
    3. Enter your passphrase and click on Ok.

      ACT IMMEDIATELY IF SOMEONE GETS YOUR PRIVATE KEY
      If you lose your private key (or don't want to use it anymore) or it has been compromised, it's important to revoke it immediately, before someone else uses it to read your encrypted data or forge your digital identity. After you have revoked it, send an email to all of your contacts to let them know that you don't use that key anymore and (if possible) give them your new public key as well.

  5. How to send your public key by email?
    1. Go to your messages and click on New.
    2. Fill in all the fields as usual and compose your email message.
    3. Go to Attachment and click on Attach my public key.
  6. How to publish your public key on public key server?

      This feature does not apply to a public key that is already published on the public key server.

    1. Go to Settings > Messages > Encryption and click on your Personal key.
    2. Click on Publish on public key server.
    3. This is a non-reversible process. It also publishes your given name along with your associated email address, which you will not be able to delete or modify. However, this allows other users to find your public key easily.
  7. How to add a public key?
    1. Go to Settings > Messages > Encryption and click on Add public key.
    2. Click on Search in public key servers. Enter the name, email ID or Key ID of your contact and click on Search. Select the 'right' public key and click on Import.
    3. OR click on Import a key, copy and paste the public key content of your contact and click on Import, or click on Import from file to import your contact's public key from a file.
  8. How to export a public key?
    1. Go to Settings > Messages > Encryption and click on Public key of your contact.
    2. Click on Export.
  9. How to verify the revocation and/or expiration status of a public key via Update feature?
    1. Go to Settings > Messages > Encryption and click on Public key of your contact.
    2. Click on the Update from public server.
  10. How to keep your Personal key passphrase in browser memory?
    1. Go to Settings > Messages > Encryption.
    2. Tick the box Keep your passphrase in memory for and enter the number of minutes.
    3. This keeps the Personal key passphrase in the browser's local memory for the set number of minutes (30 by default). It applies only to digital signatures and to encryption/decryption of messages. However, if you close your browser window, the passphrase is deleted from the browser's local memory right away.
  11. How to send a digitally signed email?
    1. Go to your messages and click on New.
    2. Fill in all the fields as usual and write your email message.
    3. Now click on the down-arrow over the Send button.
      • Click on Sign & Send.
      • Enter your passphrase and click on OK.

      The recipient will need to have your public key to be able to validate your digital signature.
  12. How to turn on digital signing for all outgoing mails?
    1. Go to Settings > Messages > Encryption.
    2. Tick the box Sign all my emails with my personal key.

      Make sure you have the private key of all sending email addresses. The recipient will need to have your corresponding public key to be able to validate your digital signature.
  13. How to send an encrypted and digitally signed email?
    1. Go to your messages and click on New.
    2. Fill in all the fields as usual and write your email message.
    3. Now click on the down-arrow over the Send button.
      • Click on Sign, Encrypt & Send.
      • Enter your passphrase and click on OK.

      You will need the public key of your recipient to be able to send an encrypted email.
      The recipient will need to have your public key to be able to validate your digital signature.
  14. How to decrypt an encrypted email?
    1. Go to your messages and click on Inbox.
    2. Select the encrypted message which you would like to decrypt and click on Decrypt it.
    3. Enter your passphrase and click on OK.
  15. How to change your Personal key passphrase?
    1. Go to Settings > Messages > Encryption and click on your Personal key.
    2. Click on Change passphrase.
    3. Enter your current passphrase and click Okay.
    4. Type your new passphrase, confirm it by entering it again and click on Ok.
    5. This will only change the passphrase on the existing version of your Personal key in the key store. The passphrase on any previously exported copy of the key pair will remain unchanged.
  16. How to modify the expiration date of your Personal key?

      While you can still decrypt emails using an expired and/or revoked Personal key, you cannot sign emails using your expired and/or revoked Personal key. Sending an encrypted email using an expired and/or revoked public key of the recipient is also not allowed.

    1. Go to Settings > Messages > Encryption and click on your Personal key.
    2. Click on Edit (next to the expiration date).
    3. Enter your passphrase and click on Ok.
    4. Choose the New expiration date OR tick the box This key does not expire. To update the expiration date of a public key that has been published on the public key server, tick the box Publish on public key server.
    5. Click on Save.
  17. How to revoke your personal key?
    1. Go to Settings > Messages > Encryption and click on your Personal key.
    2. Click on Revoke, enter your passphrase and click on Ok.
    3. Read the warning message carefully before proceeding.
    4. Tick the box Publish on public key server so everyone can see that it has been revoked and you no longer use it.

    5. Click on Revoke.

      After you have revoked your personal key, send an email to all of your contacts to let them know that you don't use that key anymore and (if possible) give them your new public key as well.

      While you can still decrypt emails using an expired and/or revoked Personal key, you cannot sign emails using your expired and/or revoked Personal key. Sending an encrypted email using an expired and/or revoked public key is also not allowed.
  18. How to upload a revocation certificate on public key server?
    1. Go to https://pgp.mit.edu.
    2. In Submit a key section, copy and paste the text of your revocation certificate (ASCII-armored version) into the text box.
    3. Click on Submit.
    4. This is a non-reversible process. You will not be able to unrevoke and/or undelete it.
  19. How to delete your key pair?

      If you want to use this key pair in the future, make sure that you have already exported it and saved it on the safest digital storage that you have. Otherwise, after deleting your key pair you will have no way to get it back.

    1. Go to Settings > Messages > Encryption and click on your Personal key.
    2. Click on Delete.
    3. Read the warning message carefully and click on Yes if you want to proceed.
  20. How to delete a public key?
    1. Go to Settings > Messages > Encryption and click on Public key of your contact.
    2. Click on Delete.
    3. Click on Yes.
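
Items 2, 5 and 18 above have you paste or attach ASCII-armored key material. The following is an added example, not part of the original guide or of the mail service's code, that checks what an armored block actually contains before you paste it into an import box, an email or a key server form. It assumes the keys are OpenPGP keys (as the pgp.mit.edu key server in item 18 implies); the function names are hypothetical and the sample blocks are constructed dummies, not real keys.

```python
import base64

# First-packet tags from RFC 4880 section 4.3 that matter before pasting a block.
TAGS = {2: "signature (e.g. revocation certificate)", 5: "SECRET key", 6: "public key"}

def crc24(data: bytes) -> int:
    """CRC-24 of OpenPGP ASCII armor (RFC 4880 section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def inspect_armor(text: str) -> dict:
    """Report armor label, checksum status and first-packet kind of one block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN PGP ")
                         and lines[-1].startswith("-----END PGP ")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    if "" not in lines:
        raise ValueError("missing blank line after the armor headers")
    label = lines[0][len("-----BEGIN PGP "):].rstrip("-")
    body = lines[lines.index("") + 1:-1]
    data = base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))
    sums = [ln[1:] for ln in body if ln.startswith("=")]
    # The checksum line is optional: None means absent, False means corrupted.
    crc_ok = int.from_bytes(base64.b64decode(sums[0]), "big") == crc24(data) if sums else None
    if not data or not data[0] & 0x80:
        raise ValueError("payload does not start with an OpenPGP packet header")
    # New-format headers keep the tag in bits 5-0, old-format headers in bits 5-2.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return {"label": label, "crc_ok": crc_ok, "kind": TAGS.get(tag, f"other (tag {tag})"),
            "contains_secret": tag == 5 or "PRIVATE" in label}

def constructed_sample(label: str, tag: int) -> str:
    """Constructed input: a packet header plus dummy bytes, NOT a usable key."""
    data = bytes([0xC0 | tag, 4]) + b"\x00" * 4
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {label}-----\n\n{base64.b64encode(data).decode()}\n"
            f"={crc}\n-----END PGP {label}-----\n")

if __name__ == "__main__":
    for label, tag in [("PRIVATE KEY BLOCK", 5), ("PUBLIC KEY BLOCK", 6), ("PUBLIC KEY BLOCK", 2)]:
        print(inspect_armor(constructed_sample(label, tag)))
```

A block reported with `contains_secret` set belongs only in the import dialog of item 2, never in an email attachment or a key server form; a `crc_ok` of `False` means the text was damaged while being copied.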