Email encryption in the webmail client
Our webmail service supports email encryption with GnuPG. We don't recommend this solution for private email addresses (see the warning above)! But for shared email addresses, e.g. addresses of groups or organizations, the webmail based email encryption might be a good option indeed.
Please note that in this case the private key used to decrypt the encrypted mails to you is stored on our servers. In other words: we and any third party with (unauthorized) access to our servers may read this key.
Certainly, the keys are additionally protected by your password. But whoever has access to our servers, might also modify the webmail service in a way that the password is logged next time that you input it.
Of course we do our best to prevent such things from happening.
In the end you have to ask yourself: do you trust our servers more than the sum of all the computers that are used to send/receive encrypted emails? Especially in larger groups, it's nearly impossible to take care of the security of all these computers. And passing around unencrypted USB thumb drives with the private keys certainly is not a good solution either. That's why we consider email encryption via webmail a good solution in these cases.
Generate/import a private key
The keys can be managed under „Settings“ → „PGP Keys“.
If you already have a private key that you want to use for this account, upload it by selecting „Import“ there.
Otherwise, you should generate a new key by selecting the plus sign at the very bottom.
Importing public keys
In order to send encrypted emails to others, you need to import their public keys first. This can be be done under „Settings“ → „PGP Keys“ → „Import“ as well. Either you upload files with the public keys here or you search for the respective keys on the pulic keyservers (if they've been uploaded there by the key owners beforehands).
Encrypting and signing emails
After having imported or generated a private key and imporing the public key for a recipient, you're able to send encrypted and signed emails. In order to do that, navigate to „Mail“ → „Compose“ and select „Encryption“ → „Digitally sign this message“ and „Encrypt this message“.
If the recipient doesn't have your public key yet, you should additionally select „attach my public key“.
Encrypting and signing emails by default
We recommend to encrypt and sign emails whenever possible. Under „Settings“ → „Preferences“ → „Encryption“ you can select that outgoing emails are signed and encrypted by default.