Messages

"Current notices about Posteo: News, developments, background information and media appearances."

Messages

New: Posteo webmail interface can find public keys

Created at 22.December 2015, 14:00 | Category: Info

Dear Posteo users,

We have now made end-to-end encryption in the Posteo webmail interface even easier.
Attachments can now also be conveniently encrypted (with PGP/MIME) in the webmail interface.

At the same time we have made the first application for our new Posteo key directory available:

If you use end-to-end encryption with Posteo in the browser, Posteo finds the public keys for your contacts – in many cases, automatically. This is made possible by the Posteo key directory and Posteo key search: Our key search automatically searches worldwide for corresponding public keys for your contacts and displays them to you before you send an email.

In many cases, therefore, you no longer need to ask a contact for their public key before being able to send them an encrypted email.

It occurs in the background:
When you enter a recipient for your email, our innovative key search peforms a search for corresponding keys for the email address. It searches not only the worldwide PGP key servers, but also the DNS – the so-called “internet telephone book”, as well as additional sources of the Posteo key directory. If the key search finds a key for your contact’s email address, this will be displayed. Thus end-to-end encryption becomes convenient and modern, and without losing security: The encryption in the webmail interface occurs with the open source plug-in Mailvelope, which is installed locally. This ensures genuine end-to-end encryption in which your private key always remains locally on your devices. It is not saved on our servers at any point, as this would reduce the principle of end-to-end encryption (between the sender and recipient of an email) to an absurdity. The encryption and key search also work with all email providers that adhere to internationally agreed-upon standards for the field of email. This is no stand-alone or proprietary solution for which both communication partners would need to use the same provider in order to communicate with one another using encryption.

For security reasons, our philosophy is to exclusively use genuine end-to-end solutions, open-source technologies and free standards. In our view, only thus can maximum security, transparency, comfort and compatibility be obtained. The Mailvelope plug-in is open source and has undergone a security audit (by Cure53).

Instructions:
Step-by-step instructions for the setup and use of end-to-end encryption in the Posteo webmail interface can be found in our help section.

Customers who already use end-to-end encryption in the Posteo webmail interface can also find instructions in the Posteo help section on activating the new Posteo key search and encrypting attachments in a few easy steps.

For developers:
We have developed an open source plug-in for the Roundcube email client, which is published under the AGPL licence and can be found on Github.

Best regards and happy holidays,

The Posteo team