StartMail supports the capability to digitally sign your message to another user using your PGP key pair.
Your digital signature serves a similar purpose as a hand-written signature. It authenticates the source of a message. Additionally, it timestamps and certifies that the content of a message has not been modified. It provides a way to verify the sender's identity by guaranteeing that the person sending the encrypted email is the owner of a private key that matches the sender's email address. More information can be found in our Technical White Paper here.
A user’s private PGP key is used to sign a message. The signature is verified with the user’s public PGP key. In order to verify the authenticity of the sender’s signature, the receiver must have the sender’s legitimate public PGP key.
If someone has access to your private PGP key, they can impersonate you in an electronic message. Likewise, if you have an altered version of someone’s public PGP key rather than the legitimate public PGP key, you can impersonate that person with that altered key pair.
StartMail provides a setting to digitally sign every email, or you may choose to digitally sign an email while composing it.
Opening a PGP signed message
- When you open a PGP signed message from a recipient it will show this in the interface. In the message list a sign icon is added:
On the message itself, it will indicate that the message is signed:
- If there is an error checking the signature, it will also indicate this. For instance this can happen if you do not have the (correct) public key of the sender:
Signing a message
- Compose a mail and click Sign
- A blue border with a sign icon will appear, indicating that you have selected to sign this mail. When you are finished typing your mail, click Send
- You will be prompted to enter your PGP passphrase. Enter your PGP passphrase and click Sign and Send
- A notification will appear at the bottom of your screen.
- Your recipient(s) will see an icon indicating that the sender has signed their mail.
Sign messages by default
To sign all outgoing mail by default, go through the following steps:
- In your StartMail inbox, click on Settings
- In the menu on the left side, click on Encryption settings
- Click on the toggle button under Sign outgoing mail by default
- The button is now green, indicating that all outgoing mail will be signed by default.