Using Certificates

Many users prefer to receive secure messages in their standard eMail program as well. PrivaSphere Secure Messages can (at this time) be delivered to your standard eMail user interface if you provide PrivaSphere with your public key (PGP or X.509). This enables secure delivery to your standard eMail account.

Edit Profile - advanced security settings

1. Prepare setup:

  • Locate the public key file on your PC (What is a public key).
  • If you do not have a certificate, get one first (since it is used only to secure the transmission between your PrivaSphere Messaging server and yourself, a self-signed certificate is sufficient).

2. PrivaSphere account > edit profile > Advanced security settings:

  • Upload your public key with the browse button (only one, S/MIME or PGP).
  • Check "BCC to your account" if you wish to keep a copy of your sent messages in your mail program.
  • Press the "update account" button.


3. You receive a system message 'first encrypted message' in your mail client. (This message will be signed. Please find our PrivaSphere OpenPGP signature validation public key!)
You might want to right-click on the link and choose "Save Target Link As". If you want to save it from your browser, save it as text, but with the file extension ".asc". The key's fingerprint is 8D34 5AEC F4F4 6DDF 9E29 3F7C 7FF2 EE5C 4259 F31C. If you are not familiar with this, please see The GNU Privacy Handbook.

Receiving large attachments
Many mail servers and providers limit the message size. Large files may need to be downloaded directly from the PrivaSphere web mail interface anyway.

Do not use PGP public keys with a key or subkey whose length is not 2x*1024, i.e. 2048 or 4096 are good, but 3072 is bad.
Also, you might have trouble with the Microsoft proprietary attachment format winmail.dat.
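
A pre-upload check for the key length rule and the fingerprint comparison above, as an added example that is not PrivaSphere's own code: it reads the colon-format listing that GnuPG prints for a key file, flags any key or subkey whose length breaks the rule, and compares a primary-key fingerprint with the one published on this page. The sample listing is constructed, the function names are hypothetical, and the length rule is read as 1024 times a power of two from 2048 upward, which is an assumption (the page names only 2048 and 4096 as good).

```python
import re

# Fingerprint of the PrivaSphere signature validation key, as printed on this page.
PUBLISHED_FPR = "8D34 5AEC F4F4 6DDF 9E29 3F7C 7FF2 EE5C 4259 F31C"

# Constructed sample in the format printed by `gpg --show-keys --with-colons key.asc`
# (key IDs, dates and fingerprints are made up; field 3 is the key length in bits).
SAMPLE_LISTING = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1700000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEFAAAAAAAA:
uid:-::::1700000000::::Alice Example <alice@example.org>:
sub:-:3072:1:BBBBBBBBBBBBBBBB:1700000000::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210BBBBBBBB:
"""


def parse_keys(listing):
    """Return (record type, bits, fingerprint) for each pub/sub record."""
    keys = []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) > 2 and f[2].isdigit():
            keys.append([f[0], int(f[2]), None])
        elif f[0] == "fpr" and len(f) > 9 and keys and keys[-1][2] is None:
            keys[-1][2] = f[9].upper()  # an fpr record follows the key it describes
    return [tuple(k) for k in keys]


def length_ok(bits):
    """Assumed reading of the rule: 1024 times a power of two, at least 2048."""
    units, rest = divmod(bits, 1024)
    return rest == 0 and units >= 2 and units & (units - 1) == 0


def rejected_keys(listing):
    """Keys and subkeys whose length breaks the rule; upload only if this is empty."""
    return [(kind, bits) for kind, bits, _ in parse_keys(listing) if not length_ok(bits)]


def primary_fingerprint_matches(listing, expected):
    """Compare the primary key's fingerprint with a published one, ignoring spaces and case."""
    keys = parse_keys(listing)
    wanted = re.sub(r"\s+", "", expected).upper()
    return bool(keys) and keys[0][0] == "pub" and keys[0][2] == wanted
```

Here `rejected_keys(SAMPLE_LISTING)` reports the 3072-bit encryption subkey even though the primary key is 4096 bits, which is the case that is easy to miss when only the primary key length is checked.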


  • Use this feature when you cannot get from your mail program to our port 995 (e.g. because your firewall forbids this).
  • When your mail program cannot do SSL on POP3 or is incompatible with our secure POP server but is capable of doing GnuPG or S/MIME.
  • If you can only do IMAP and not POP3 with SSL.

Local Decryption:

  • Desktops
    Most desktop mail clients have some S/MIME support.
    It is integrated in most eMail clients such as Outlook, Mozilla Thunderbird, Lotus Notes and others.
    In particular, Thunderbird has nice PGP/GPG plugins.
  • Smartphones
    For several smartphones, S/MIME apps are available:
    Android: , etc.
    iPhone: see iTunes


If you still cannot receive PrivaSphere Secure Messages into your mail client, then contact PrivaSphere support for additional assistance.



For domains that have PKI directories with X.509 encryption certificates of their users, direct and convenient integration is possible.

This allows all the benefits of individual certificates combined with the secure transmission by PrivaSphere™ Secure Messaging.

A user of your domain logs in once to PrivaSphere™ Secure Messaging, confirms his encryption certificate and then automatically receives all secure messages from the PrivaSphere™ Secure Messaging Platform as S/MIME encrypted mails as usual.

If it is assumed that the recipient rarely receives PrivaSphere mails and misrouting protection is not necessary, the subject command <unSafeRoute> can be used to trigger direct S/MIME encrypted delivery to the recipient, without the recipient having to acknowledge the certificate and without a one-time password (MUC).
To get more information or to register your PKI on PrivaSphere™ Secure Messaging please contact PrivaSphere (

Currently fully integrated are, e.g.:



If you are in an organization that makes encryption certificates available in a similar manner, or if you send to such an organization, please contact us.



How to get an X.509 or S/MIME public key certificate for free:

Use a tool to create one yourself:

This has the advantage that you don't have to rely on anyone else for your certificate, except for the creator of the software.
This is perfectly fine if you just use it between PrivaSphere and your mail program, but if you also want to use it to send signed e-mail from your mail program, your counterparts will have to explicitly trust your self-signed certificate. Thus you are back to the trust management done by the OpenPGP world above.

However, a certificate can be obtained for free from the following sites:

They might also sign a certificate signing request (CSR) created by XCA or KeyStore Explorer, etc. as above!

With full operating system support

Typically, this is a paid service. Sites:

How to get a PGP public key certificate: (Kleopatra) 

See also the corresponding manual on how to bootstrap a trust web!

Why get a public key?

Increases convenience because you receive your private messages in your regular mail user agent (MUA) - e.g. Outlook.

  • reduces your exposure

If you wish to learn more about PrivaSphere Secure Messaging, contact a PrivaSphere representative.
