Encryption & Security
Encryption & Security
Learn about PGP keys, encryption settings, and security features.
Before You Begin
Make sure you have:
- Access to your PDG Mail account
- A secure location to store your encryption keys
- Your email client configured
Transport Layer Security (TLS)
PDG Mail uses TLS 1.3 for all communications to ensure your data remains secure during transmission.
- All communication between you and our servers is encrypted
- All communication with external mail servers is encrypted
- TLS 1.3 provides the highest level of security for data in transit
Zero Knowledge Encryption
PDG Mail offers at-rest zero knowledge encryption using PGP to ensure your emails remain private.
Setting Up PGP Encryption
You have two options for setting up PGP encryption:
Option 1: Generate Keys Through PDG Mail Portal
- Log in to your PDG Mail account
- Navigate to Settings → Security
- Click "Generate New PGP Key"
- Enter a strong password for your key
- Click "Generate" and wait for the process to complete
- Download and securely store your private key
Option 2: Generate Keys Locally
For advanced users who prefer to generate their own keys, follow these platform-specific instructions:
Required Key Types
- Primary Key: EDDSA with Ed25519 curve
- Subkey: ECDH with Curve25519 curve
MacOS
- Install Homebrew if you haven't already:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- Install GPG using Homebrew:
brew install gnupg
- Create a file named
key-config.txtwith the following content:%echo Generating OpenPGP key Key-Type: EDDSA Key-Curve: Ed25519 Subkey-Type: ECDH Subkey-Curve: Curve25519 Name-Real: Your Name Name-Email: [email protected] Expire-Date: 0 %commit %echo done
- Generate your key pair:
gpg --batch --generate-key key-config.txt
- Export your public key (to upload to PDG Mail):
gpg --export --armor [email protected] > public-key.asc
- Export your private key (for your email client):
gpg --export-secret-keys --armor [email protected] > private-key.asc
Keep your private key secure and never share it. Upload the public key to PDG Mail portal and use the private key with your email client.
Windows
- Install Gpg4win from gpg4win.org
- Open Kleopatra
- Click "File" → "New Key Pair"
- Select "Create a personal OpenPGP key pair"
- Enter your name and email address
- Click "Advanced Settings" and select:
- Key Material: EDDSA
- Key Size: 256 bits
- Subkey Type: ECDH
- Click "Create" and follow the prompts
- Export your public key (to upload to PDG Mail):
- Select your key in Kleopatra
- Click "Export"
- Save as "public-key.asc"
- Export your private key (for your email client):
- Select your key in Kleopatra
- Click "Export Secret Keys"
- Save as "private-key.asc"
Keep your private key secure and never share it. Upload the public key to PDG Mail portal and use the private key with your email client.
Linux
- Open Terminal
- Create a file named
key-config.txtwith the following content:%echo Generating OpenPGP key Key-Type: EDDSA Key-Curve: Ed25519 Subkey-Type: ECDH Subkey-Curve: Curve25519 Name-Real: Your Name Name-Email: [email protected] Expire-Date: 0 %commit %echo done
- Run the following command:
gpg --batch --generate-key key-config.txt
- Export your public key (to upload to PDG Mail):
gpg --export --armor [email protected] > public-key.asc
- Export your private key (for your email client):
gpg --export-secret-keys --armor [email protected] > private-key.asc
Keep your private key secure and never share it. Upload the public key to PDG Mail portal and use the private key with your email client.
After generating your keys, make sure to:
- Back up your private key securely
- Export your public key
- Keep your private key password safe
The Ed25519/Curve25519 key type provides strong security with excellent performance. These are the recommended key types for modern OpenPGP implementations.
Need Help?
If you need assistance with encryption setup:
- Check our Troubleshooting Guide
- Visit our Knowledge Base
- Contact our Support Team