PGP === Pretty Good Privacy (PGP) is one method for secure email communication in Zammad (in addition to :doc:`smime`). It allows you to exchange **signed** and **encrypted** messages with others. Signing is proof that a message hasn't been manipulated on its way. In other words, it guarantees message **integrity** and **authenticity**. Encryption scrambles a message so that it can only be unscrambled by the intended recipient. In other words, it guarantees message **privacy** and **data security**. .. figure:: /images/system/integrations/pgp/pgp_ticket_creation.png :alt: Screenshot of ticket creation with encrypt and sign buttons :align: center Once PGP has been enabled, ``Encrypt`` and ``Sign`` buttons will appear for outgoing email drafts. .. note:: **Sign button not visible?** Please note that the signing of emails is based on the outgoing email account. That means you have to choose a group with a sender email account, which has a private key assigned. Handling of Keys ---------------- To use the PGP function, you have to enable the integration (PGP) by switching the toggle to **enabled**. You can add keys by clicking the ``Add Key`` button. The keys can be imported from a file or you can paste the content of the key in the text box. .. note:: **Which keys do I have to import?** For **signing** *outgoing* emails, you have to import the private key of your Zammad email account. For **encrypting** *outgoing* emails, you have to import the public key of the customer's email account. For **verifying the signature** of signed *incoming* emails, you have to import the public key of the customer. For **decrypting** of encrypted *incoming* emails, you have to import the private key of your Zammad email account. Import Keys From a File ^^^^^^^^^^^^^^^^^^^^^^^ You can import keys from a file in the **Upload key** section: .. figure:: /images/system/integrations/pgp/import_key.png :alt: Screenshot of adding a key via file :align: center **Supported file formats:** ASCII-armor as well as binary GPG format (basically any GPG supported key format) is supported here. Import Keys by Pasting the Content ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ You can also paste the key's content in the **Paste key** section: .. figure:: /images/system/integrations/pgp/paste_key.png :alt: Screenshot of adding a key via pasting :align: center **Supported format:** Please note that only ASCII-armor is supported here. Deleting Keys ^^^^^^^^^^^^^ If you want to delete a specific key, you can do it by clicking on the menu in the **actions** column and select **delete**: .. figure:: /images/system/integrations/pgp/delete_key.png :alt: Screenshot of deleting a key :align: center Downloading Keys ^^^^^^^^^^^^^^^^ If you want to download your keys, you can do this as well via corresponding action buttons. Depending on the key, you can choose whether you want to download the private or the public key. Default Behavior ---------------- Here, you can adjust on per group basis, if **sign** and **encryption** is on or off by default. Please be aware, that agents can always override the setting for each individual email. .. figure:: /images/system/integrations/pgp/group_default.png :alt: Adjusting default behavior on per group basis :align: center Troubleshooting --------------- All of the system's latest PGP activity is displayed in the **Recent Logs** section. The logs contain the status and details of all emails (both incoming and outgoing), that used signing/verification or encryption/decryption. Sign button is not visible, but keys are imported. - Did you choose a group in the ticket? - Did you import a private key for the email address, which is used for outgoing emails in the group? How to obtain keys? You can create them yourself! There are some good tutorials on the web on how to create them. Providing keys to Zammad is a prerequisite to use the PGP feature. It says a passphrase is needed, but I haven't got one. If the key is secured with a passphrase, you have to provide it for the import in Zammad. It is possible that keys may have an empty passphrase. However, this is *not* recommended. How do my customers get my new key? You have to provide your *public* key in advance. Your customer also has to configure PGP in their email workflow and import your public key. The other way round, you have to get the public key of your customer and have to import it to Zammad.