StartMail supports the capability to digitally sign your message to another user using your PGP key pair.
Your digital signature serves a similar purpose as a hand-written signature. It authenticates the source of a message.
Additionally, it timestamps and certifies that the content of a message has not been modified.
It provides a way to verify the sender's identity by guaranteeing that the person sending the encrypted email is the owner of a private key that matches the sender's email address. More information can be found in our Technical White Paper here.
A user’s private PGP key is used to sign a message. The signature is verified with the user’s public PGP key. In order to verify the authenticity of the sender’s signature, the receiver must have the sender’s legitimate public PGP key.
If someone has access to your private PGP key, they can impersonate you in an electronic message.
Likewise, if you have an altered version of someone’s public PGP key rather than the legitimate public PGP key, you can impersonate that person with that altered key pair.
StartMail provides a setting to digitally sign every email, or you may choose to digitally sign an email while composing it.
Opening a PGP signed email message
- When you open a PGP signed message from a recipient it will show In the message list with a sign icon added:
- On the message itself, it will indicate that the message is signed:
- To open the email, you'll need to enter your PGP passphrase.
More information about the PGP passphrase can be found here: PGP passphrase
- If there is an error checking the signature, it will also indicate this. For instance this can happen if you do not have the (correct) public key of the sender:
- To exchange PGP keys please click this link: Send or import public key
Signing an email
1. Compose an email, click Sign and then Send (or the SEND icon)
2. You will be prompted to enter your PGP passphrase. Enter your PGP passphrase, click Sign and Send
Sign messages by default
To sign all outgoing mail by default use the following steps:
- Go to Settings > Encryption and click on the toggle button under Sign outgoing mail by default