At Netzy Cloud we employ encryption to keep everyone's data safe while being transmitted to and from our servers. This is a two part process and it is important for our users to understand the concepts and how to employ them correctly. We use the Roundcube web client a secure custom webmail by default, but you can use an alternative web client if you prefer.
Step 1: Server Encryption
We use OpenPGP to encrypt your mailbox's data at rest. It is an open source encryption algorithm and nothing is required from the user to make this work. It happens automatically on the server.
Step 2: User Encryption
This part requires some configuration from the user as well as downloading the "Mailvelope" browser extension to make this work.
How It Works:
Browser Extension: Install "Mailvelope" from the Chrome Web Store, Firefox Add-ons, or Microsoft Edge Add-ons.
Integration with our custom webmail: Once installed, Mailvelope detects Roundcube when you access your webmail. To enable it, you must authorize the domain in the Mailvelope settings (via the Mailvelope icon in the browser toolbar).
Sending Encrypted Emails:
Compose a message in Roundcube the webmail interface.
Switch the editor to Mailvelope (encryption only works in plain text mode).
Mailvelope opens a secure editor where you type in your message and add encrypted attachments (use the Add file button inside the Mailvelope editor).
Enter your private key password to encrypt and send the message.
Click on the encrypt button to send
Receiving Encrypted Emails:
When you open an encrypted message in Roundcube the webmail interface, Mailvelope detects it and prompts you to enter your private key password.
After entering the password, the message is decrypted and displayed in clear text.
Key Points:
End-to-end encryption: Only you and the recipient (with the correct key) can read the message.
Recipient must have Mailvelope or a PGP compatible encryption client
Recipient must have created and validated their encryption keys
No server-side decryption: Roundcube The webmail client does not see your message content; encryption happens entirely in your browser.
Key Management:
- You generate or import your own OpenPGP key pair. Mailvelope stores your private key locally on your device in the browser.
- You can generate your keys inside Mailvelope or using PGP Generator
- Download your public key and submit to Open PGP Keyserver to ensure no matter what client your recipient uses they will discover your key automatically
- Some clients don't use auto discovery and the public key has to be manually imported before attempting to send them an encrypted email
Limitations:
1. You cannot encrypt message headers (sender, recipient, subject).
2. You cannot sign messages in all configurations (some older versions had issues).
3. Attachments must be added via Mailvelope’s interface, not Roundcube’s the webmail's standard interface
4. If the recipient doesn't have an encryption key, you can only digitally sign your message using your key
The receiver MUST also be registered and using Mailvelope to decrypt the message or have uploaded their public key to the Open PGP Keyserver
Setup Summary:
- Install Mailvelope in your browser.
- Access
Roundcube webmail and click the Mailvelope icon → Authorize this domain.
- Generate or import your OpenPGP key pair in Mailvelope.
- Compose messages in Plain text using the Mailvelope interface, use the Encrypt button to send
