PGP Signing

StartMail supports the capability to digitally sign your message to another user using your PGP key pair.

Your digital signature serves a similar purpose as a hand-written signature. It authenticates the source of a message.

Additionally, it timestamps and certifies that the content of a message has not been modified.

It provides a way to verify the sender's identity by guaranteeing that the person sending the encrypted email is the owner of a private key that matches the sender's email address. More information can be found in our Technical White Paper here.

A user’s private PGP key is used to sign a message. The signature is verified with the user’s public PGP key. In order to verify the authenticity of the sender’s signature, the receiver must have the sender’s legitimate public PGP key.

If someone has access to your private PGP key, they can impersonate you in an electronic message.

Likewise, if you have an altered version of someone’s public PGP key rather than the legitimate public PGP key, you can impersonate that person with that altered key pair.

StartMail provides a setting to digitally sign every email, or you may choose to digitally sign an email while composing it.

Opening a signed message
Signing a message
Sign messages by default

Opening a PGP signed email message

When you open a PGP signed message from a recipient it will show In the message list with a sign icon added:
On the message itself, it will indicate that the message is signed:

Screen_Shot_2021-07-07_at_7.44.55_PM.png

To open the email, you'll need to enter your PGP passphrase.

More information about the PGP passphrase can be found here: PGP passphrase

Screen_Shot_2021-07-07_at_7.44.10_PM.png

If there is an error checking the signature, it will also indicate this. For instance this can happen if you do not have the (correct) public key of the sender: