OpenPGP Zimlet


The OpenPGP Zimlet allows XMission's Zimbra webmail to encrypt and sign email messages.

OpenPGP encryption prevents your messages from being opened by anyone other than the intended recipient. It also prevents your message from being altered or changed by anyone other than yourself, maintaining the authenticity of your content.

Note: Your public key may be shared with others, while your private key remains secret to yourself and your Zimbra OpenPGP Zimlet!

How It All Works

By creating a message that is encrypted with the OpenPGP Zimlet, only recipients with a matching private key are able to decrypt and read your email. The OpenPGP Zimlet makes this process as simple as clicking a few buttons. After composing your email, you may click the "Encrypt Message" option.

Note: Only plain text in the message body is encrypted. This Zimlet automatically converts messages to plain text when you click "Encrypt Message".


OpenPGP Zimlet Setup Guide

1. Open your Preferences in Zimbra.


2. Navigate to "Zimlets".


3. Check the box for "OpenPGP".


4. Return to your "Mail" tab and expand the "Zimlets" options to find "OpenPGP".


5. Right click on OpenPGP and select "Generate Key Pair".


6. After generating your Key Pair, it will look similar to the message below:


How to Send and Receive Public Keys

1. To send a public key, simply right click the OpenPGP Zimlet under the "Zimlets" window and select "Send someone my public key".


2. To receive a public key from someone, they will commonly need to send you their key. You will receive an email with a message similar to the picture below:


Auto Decrypt


How to Send Encrypted Messages with OpenPGP

1. Compose the body of your message, then click "Encrypt Message".


2. Once you have finished and have clicked "Encrypt Message", you will receive a confirmation window.


3. The body of your message will be encrypted and encoded as base64. You may now send the message to the desired recipients.


Managing your contacts' Public Keys

When you accept public keys, the OpenPGP Zimlet automatically adds them to your "Managed Keys" under the "Public Keys" section. This is unique to the user that sent them.


Importing your own PGP Private Key to OpenPGP

If you already have your own PGP Private Key, you can simply paste your key into the Private Key field inside the "Manage Keys" section of the OpenPGP zimlet.


Supported Formats of OpenPGP

Sending Messages

Receiving Messages

About Private Key Security

It is important to keep your private key secure when using public key cryptography methods such as PGP. You should not share your private key with anyone under any circumstances.

With that said, please note that the OpenPGP Zimlet does NOT store your private key on our servers. If you choose to "store" your private key, it will be stored in your browser, not on our servers. It is stored with AES-256 encryption. If you choose to store the passphrase to your key, that passphrase can be stored either on our servers or in your browser's local storage. If you store your passphrase, it is potentially possible for somebody with access to your computer to acquire your unencrypted private key.

You can also choose to store nothing, providing your private key and passphrase manually every time you need to sign or encrypt a message.

We recommend storing your key, but not your passphrase, in your browser. This provides a good balance between security and convenience.

Zimbra Desktop

This Zimlet cannot be installed in the Zimbra Desktop application. If you use Zimbra Desktop, you will need to log in to your webmail to use this Zimlet.

Storing public keys to Zimbra contacts

Optionally, you can store public keys in Contacts, the Zimbra Addressbook. First enable the Scan Contacts option, then copy/paste public keys to the notes field of your contacts.

Reading messages encrypted/signed with Thunderbird/Enigmail

OpenPGP/MIME encrypted messages using RFC 3156 implemented in Thunderbird/Enigmail can be decrypted and verified by this Zimlet. This is beta functionality. Plain text messages and attachments are supported. HTML formatted messages are converted to plain text.

Attachments encrypted by the Zimbra OpenPGP Zimlet can be decrypted by Thunderbird/Enigmail users: right click the attachment and click `Decrypt and Open`.

Exporting public keys from Enigmail to Zimbra

You can export all your public keys from Enigmail to Zimbra. First copy them from Enigmail Key Management, then paste them in the notes field of a new contact in Zimbra. Also enable contacts scanning.


Key fingerprint verification is actually much easier than it sounds. In a nutshell, both sides should compare the fingerprints of the public key in question. If the fingerprints match, then they can proceed to send a message. If they do not, then the key can NOT be trusted.

The process of comparing fingerprints should be performed through a mechanism whereby the identity of the owner of the public key in question is known or trusted. This may come in the form of a phone call to a trusted phone number, a face-to-face conversation or, for example, a business card exchange. The goal is to ensure that the person you are communicating with is who you think he or she is. If you know the key’s owner and recognize their voice, it is easy enough to call them and verify the key’s fingerprint over the telephone.

It is best to use a different communication method than the one that was used to send the key itself. A good combination is to send the key via e-mail, and the key fingerprint via a telephone conversation or received in person on a business card.
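
The fingerprint comparison described above, as an added example that is not part of the original page or the Zimlet's own code. It assumes OpenPGP v4 keys, whose 40-hex-digit fingerprint is defined in RFC 4880 as a SHA-1 hash over the public-key packet; the function names and the sample packet are constructed for illustration, and it runs under Node.js.

```javascript
// Added example: v4 fingerprint (RFC 4880, section 12.2) and a strict comparison.
const nodeCrypto = require('crypto');

// Fingerprint = SHA-1 over 0x99, a two-byte big-endian length, and the
// public-key packet body (starting at its version byte).
function v4Fingerprint(packetBody) {
  const header = Buffer.from([0x99, packetBody.length >> 8, packetBody.length & 0xff]);
  return nodeCrypto.createHash('sha1').update(header).update(packetBody)
    .digest('hex').toUpperCase();
}

// Group as "ABCD 1234 ..." so it is easy to read aloud or print on a card.
function formatForReading(fp) {
  return fp.match(/.{4}/g).join(' ');
}

// Strip spaces, colons and a leading 0x from what the other side read out.
function normalize(text) {
  return text.replace(/^0x/i, '').replace(/[\s:]/g, '').toUpperCase();
}

// Returns 'match', 'mismatch' or 'incomplete'. Anything shorter than the full
// 40 hex digits (for example a short key ID) is 'incomplete', never a match.
function compareFingerprints(fromKey, readAloud) {
  const a = normalize(fromKey);
  const b = normalize(readAloud);
  if (!/^[0-9A-F]{40}$/.test(a)) throw new Error('key fingerprint is not 40 hex digits');
  if (!/^[0-9A-F]{40}$/.test(b)) return 'incomplete';
  return a === b ? 'match' : 'mismatch';
}

// Constructed sample: a fake packet body (version 4, timestamp, algorithm 1,
// then filler bytes standing in for the key material).
const sampleBody = Buffer.concat([
  Buffer.from([4, 0x5f, 0x00, 0x00, 0x00, 1]),
  Buffer.alloc(32, 0xab),
]);
const sampleFp = v4Fingerprint(sampleBody);
console.log(formatForReading(sampleFp));
```

Only a 'match' result means the key can be trusted; treat 'incomplete' the same as a mismatch until the whole fingerprint has been compared.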

This help page was written by XMission under the GNU Free Documentation License.