The guides we have published elsewhere on this website are very much beginners’ guides. They assume that the reader has not used email encryption before and is setting it up for the first time.
After reading the guides you could be forgiven for thinking that encryption just works once it is installed. Your experience might be that it does, and from a sending point of view you may not have any problems until your recipients tell you that there are.
Not all of an email is encrypted
You could be forgiven for thinking that once you encrypt an email, everything you typed is secure. That’s not actually the case. Out of necessity, the headers of the email, including the sender, recipients, date/time, server details and the subject line, are not encrypted. If they were, it would not be possible to deliver your message using the standard email protocols used worldwide.
Therefore, do not include anything confidential in the subject line of an encrypted email. You can see examples of what encrypted emails look like in our set up guides.
Sending signed email to people not using PGP
You can’t send encrypted email to people whose public keys you do not have, so sending an encrypted email to someone not using OpenPGP is not going to be a problem. If you forward an email that was encrypted to you to someone else, then unless you decrypt it first the new recipient won’t be able to read it.
Sometimes there is a problem when you sign the emails you send. The problem occurs when whatever email client or webmail service the recipient is using doesn’t know how to handle the signature part of the email. There are examples of what the signatures look like in the set up guides.
The problem presents itself as both the signature and the main content of your email appearing as attachments, and the main message window being blank. Unless a recipient realises what has happened, they might think you sent them a blank email.
They can in fact still read your message by opening the attachment, but they might not realise this.
The issue arises because the OpenPGP specification officially supports PGP/MIME as the way to send encrypted and signed emails. MIME (Multipurpose Internet Mail Extensions) is an addition to the normal email standards that allows different content types to be defined and transferred in email messages. Content such as photographs, audio, computer programs, documents, formatted text and text using non-English character sets is defined this way. PGP signatures and encrypted messages are also defined this way.
Email clients and webmail services that handle PGP/MIME better display the content of your email as they would normally, and show the signature as a tiny attachment that can be ignored by recipients who don’t use PGP.
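To make the unencrypted headers and the PGP/MIME part layout described above concrete, here is an added Python example (not part of the original guide). It parses two constructed messages with the standard library and reports which headers stay readable and what a client without PGP support can display; the function name inspect_pgp_mime, the addresses, the subject and the placeholder signature and ciphertext are all assumptions made for the illustration.

```python
from email import message_from_string
from email.policy import default

# Constructed samples (RFC 3156 layout); every value is a placeholder.
HEAD = ("From: alice@example.org\nTo: bob@example.net\nMIME-Version: 1.0\n"
        "Date: Mon, 01 Jan 2024 10:00:00 +0000\nSubject: Contract draft for Friday\n")
SIGNED = HEAD + '''Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8

Hello Bob, the draft is ready.

--b1
Content-Type: application/pgp-signature; name="signature.asc"

(placeholder for the ASCII-armored signature)
--b1--
'''
ENCRYPTED = HEAD + '''Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b2"

--b2
Content-Type: application/pgp-encrypted

Version: 1

--b2
Content-Type: application/octet-stream; name="encrypted.asc"

(placeholder for the ASCII-armored ciphertext)
--b2--
'''
KINDS = {("multipart/signed", "application/pgp-signature"): "signed",
         ("multipart/encrypted", "application/pgp-encrypted"): "encrypted"}

def inspect_pgp_mime(raw):
    """Report what a relay or a client without PGP support can read."""
    msg = message_from_string(raw, policy=default)
    kind = KINDS.get((msg.get_content_type(), msg.get_param("protocol")), "other")
    # Envelope headers stay in cleartext whether or not the body is encrypted.
    exposed = {h: str(msg[h]) for h in ("From", "To", "Date", "Subject") if msg[h]}
    # Any text part outside the ciphertext is displayable without PGP.
    body = msg.get_body(preferencelist=("plain",))
    return {"kind": kind, "exposed_headers": exposed,
            "part_types": [p.get_content_type() for p in msg.iter_parts()],
            "readable_body": body.get_content() if body is not None else None}

if __name__ == "__main__":
    print(inspect_pgp_mime(SIGNED), inspect_pgp_mime(ENCRYPTED), sep="\n")
```

For the encrypted sample the subject is still reported in exposed_headers while readable_body is None; for the signed sample the text is readable and the signature is simply a second part, which is what a client that handles PGP/MIME poorly shows as an attachment.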
Below we have listed some email clients and webmail services that handle PGP/MIME well even if not actually PGP enabled themselves.
Clients
Windows: Mozilla/Thunderbird/SeaMonkey, Outlook 2013, Claws Mail, Pegasus Mail
OS X: Mozilla/Thunderbird/SeaMonkey, Apple Mail, Outlook 2011
Webmail
AOL, Yahoo, Gmail
Please help us to add to these lists, or volunteer to try this out for us with a client or email service not listed above by contacting Runbox Support.