Using certificates

Many users prefer to receive secure messages in their standard eMail program as well. PrivaSphere Secure Messages can (at this time) be delivered to your standard eMail user interface if you provide PrivaSphere with your public key (PGP or X.509). This enables secure delivery to your standard eMail account.

Edit Profile - advanced security settings

1. Prepare setup:

  • Locate the public key file on your PC (What is a public key).
  • If you do not have a certificate, get one first. Because it is used only to secure the transmission between the PrivaSphere Messaging server and yourself, a self-signed certificate is sufficient.

2. PrivaSphere account > edit profile > Advanced security settings:

  • Upload your public key with the browse button (only one, S/MIME or PGP).
  • Check BCC to your account if you wish to keep a copy of your sent messages in your mail program.
  • Press the "update account" button.


3. You receive a system message 'first encrypted message' in your mail client. This message will be signed; please see our PrivaSphere OpenPGP signature validation public key.
You might want to right-click on the link and choose "Save Target Link As". If you want to save it from your browser, save it as text, but with the file extension ".asc". The key's fingerprint is 8D34 5AEC F4F4 6DDF 9E29 3F7C 7FF2 EE5C 4259 F31C. If you are not familiar with this, please see The GNU Privacy Handbook.

Receiving large attachments
Many mail servers and providers limit the message size. Large files may need to be downloaded directly from the PrivaSphere web mail interface anyway.

Do not use PGP public keys with a key or subkey that is not of length 2x*1024, i.e. 2048 or 4096 are good, but 3072 is bad.
Also, you might have trouble with the Microsoft proprietary attachment format winmail.dat.
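
The key-length rule above and the fingerprint comparison from step 3 can both be checked before a key is uploaded or trusted. This is an added example, not PrivaSphere's own code: it parses the listing printed by `gpg --show-keys --with-colons`, the sample listing and its fingerprints are constructed, and it accepts only the two lengths the page names as good.

```shell
#!/bin/sh
# Added example. Both functions read, on stdin, the machine-readable listing
# printed by:  gpg --show-keys --with-colons keyfile.asc

# Constructed sample listing (not a real key): 4096-bit primary, 3072-bit subkey.
SAMPLE='pub:-:4096:1:89ABCDEF01234567:1500000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1500000000::::Constructed User <user@example.org>:
sub:-:3072:1:0000111122223333:1500000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Print each primary key (pub) or subkey (sub) whose length (field 3) is not
# 2048 or 4096, the two lengths the page names as good. Exit status is 1 if
# at least one such key was found, 0 otherwise.
bad_key_lengths() {
    awk -F: '
        BEGIN { bad = 0 }
        ($1 == "pub" || $1 == "sub") && $3 != 2048 && $3 != 4096 {
            printf "%s %s: %s bits\n", $1, $5, $3
            bad = 1
        }
        END { exit bad }
    '
}

# Succeed only if the first fingerprint record (the primary key of the first
# key in the listing) equals $1. Spaces and letter case in $1 are ignored, so
# a fingerprint can be pasted in the grouped form used on this page.
primary_fingerprint_matches() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    got=$(awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Demonstration on the constructed sample: reports the 3072-bit subkey.
printf '%s\n' "$SAMPLE" | bad_key_lengths || echo "key has a length to avoid"
```

With a real key file, pipe the gpg listing into `bad_key_lengths` before uploading your own key, and into `primary_fingerprint_matches` with the fingerprint quoted in step 3 before importing the downloaded ".asc" file.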


  • Use this feature when you cannot get from your mail program to our port 995 (e.g. because your firewall forbids this)
  • When your mail program cannot do SSL on POP3 or is incompatible with our secure POP server but is capable of doing GnuPG or S/MIME
  • If you can only do IMAP and not POP3 with SSL.

Local Decryption:

  • Desktops
    Most desktop mail clients have some S/MIME support.
    It's integrated in most eMail clients like Outlook, Mozilla Thunderbird, Lotus Notes and others.
    In particular, Thunderbird has nice pgp/gpg plugins.
  • Smartphones
    S/MIME apps are available for several smartphones:
    Android: http://www.djigzo.com/android.html, etc.
    iPhone: see iTunes


If you still cannot receive PrivaSphere Secure Messages into your mail client, then contact PrivaSphere support for additional assistance.


For domains that have accessible PKI directories with their users' X.509 encryption certificates, convenient direct integration is possible.

This combines all the advantages of individual certificates with secure delivery through PrivaSphere™ Secure Messaging.

A user in your domain logs in to PrivaSphere™ Secure Messaging once, confirms their encryption certificate, and from then on automatically receives all secure messages from the PrivaSphere™ Secure Messaging platform as encrypted S/MIME mail, delivered as usual.

If it is assumed that the recipient will rarely receive PrivaSphere mails and misrouting protection is not needed, the subject-line command <unSafeRoute> can be used to trigger direct S/MIME encryption to the recipient, without the recipient having to confirm their receiving certificate and without a one-time password (MUC) being used.

For further details, or to have your PKI directory included in PrivaSphere, please contact PrivaSphere AG (info@privasphere.com).

Currently fully integrated are, for example:

 - siemens.com

 - migros.ch

If you are in an organization that makes its encryption certificates available in a similar way, or if you send to such organizations, please contact us.


How to get an X.509 or S/MIME public key certificate for free:

Use a tool to create one yourself:

This has the advantage that you don't have to rely on anyone else for your certificate, except for the creator of the software.
This is perfectly fine if you just use it between PrivaSphere and your mail program, but if you also want to use it to send signed e-mail from your mail program, your counterparts will have to explicitly trust your self-signed certificate. Thus you are back to the trust management done by the OpenPGP world above.

However, a certificate can also be obtained for free from the following sites:

They might also sign a certificate signing request (CSR) created by xca or keystore explorer, etc. as above!

With full operating system support

Typically, this is a paid service. Sites:

How to get a PGP public key certificate:

https://www.gpg4win.org/ (Kleopatra)

See also the corresponding manual on how to bootstrap a trust web!

Why get a public key?

  • increases convenience because you receive your private messages in your regular mail user agent (MUA), e.g. Outlook

  • reduces your exposure

If you wish to learn more about PrivaSphere Secure Messaging, contact a PrivaSphere representative.
