PGP is a tool allowing e-mail encryption and signature.
- Encrypting a message ensures the sender that only the recipients will be able to decrypt and thus read the message and its potential attachments.
- Signing a message ensures the identity of the sender to the recipients.
PGP is the abbreviation of Pretty Good Privacy.
postel.bzh proposes a server-side PGP integration as a trusted third party.
The PGP integration in postel.bzh has the following characteristics:
- native webmail integration (PGP/MIME)
- sending and receiving PGP e-mail
- management of the signature and the encryption of e-mails
- operation independent of the client, allowing an equivalent usage on all devices
- potential attachments as well are encrypted in the message and even their presence is not visible without decryption
- however the subject of the email is not encrypted and must not contain sensitive information
- generation of private/public PGP key pairs
- import/export of PGP keys generated on postel.bzh or with other tools
As a trusted third party, postel.bzh commits to ensure a maximal security to the users' PGP keys.
Users who wish to use PGP without a trusted third party need to install a mail software with cryptographic capabilities on each device used to access the encrypted e-mails.