If you wish to use inbound encryption or publish your public key in the Posteo key directory, you will need to add your public S/MIME or OpenPGP key at Posteo.

Because we work with a strong concept of data economy at Posteo, we do not save any personal details such real names, for example. We have therefore implemented guidelines for the upload of public keys to help protect your privacy. Before uploading your public key, please check whether it conforms to the guidelines.

Posteo policies for public keys

S/MIME keys

If you would like to store an S/MIME key with Posteo, please use a Class 1 S/MIME certificate. This contains your email address only. Certificates of other classes contain a name and therefore can not be added at Posteo.

OpenPGP keys

Your public OpenPGP key must fulfil the following criteria if you wish to store it at Posteo:

1. The name field must be empty or contain your email address only
2. The public key can only contain one email address. Subkeys or multiple email addresses are not permitted.
3. The key must contain your Posteo email address or one of your alias addresses
4. The key must not be signed by others
5. The key must not contain a photo or any other personal details

About point 1: The empty name field

When creating a key pair, many PGP users enter not only their email address but also their real name in the name field. Such keys can not be uploaded to Posteo, because Posteo does not save any personal information, for privacy reasons.

Although the name field exists in many programs, entering a name is not necessary in order to create a PGP key. When creating your key, leave the name field empty. If you encryption program does not allow this, you can alternatively enter your email address in the name field.

Instructions on creating a data-efficient end-to-end key pair can be found in our help section for end-to-end encryption.

About point 2: One email address per key

Keys stored at Posteo can only contain one email address. This ensures that no connection can be made from your PGP key to any of your other email addresses.

About point 3: Main Posteo address or Posteo alias

The email field for the key must contain your Posteo email address or one of your Posteo alias addresses. Keys that you have created for email addresses with other providers can not be uploaded. This ensures that no connection can be made between your Posteo account and your other email addresses.

Related help articles

• How do I create and use an S/MIME key pair?
• How do I set up end-to-end encryption with S/MIME in Thunderbird?
• How do I install end-to-end encryption for the Posteo webmail interface with Mailvelope (PGP)?
• All information on inbound encryption