Skip to product menu
close
  • Sales
    Press Space or Enter to display list of options
EXPLORE ALL PRODUCTS

Sales

 
CRM

Comprehensive CRM platform for customer-facing teams.

CRM
 
Bigin

Simple CRM for small businesses moving from spreadsheets.

Bigin
 
Forms

Build online forms for every business need.

Forms
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
Sign

Digital signature app for businesses.

Sign
 
RouteIQ

Comprehensive sales map visualization and optimal route planning solution.

RouteIQ
 
Thrive

Complete loyalty and affiliate management platform.

Thrive
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
Suites
CRM Plus

Unified platform to deliver top-notch customer experience.

CRM Plus

Marketing

 
Social

All-in-one social media management software.

Social
 
Campaigns

Create, send, and track targeted email campaigns that drive sales.

Campaigns
 
Forms

Build online forms for every business need.

Forms
 
Survey

Design surveys to reach and interact with your audience.

Survey
 
Sites

Online website builder with extensive customisation options.

Sites
 
PageSense

Website conversion optimization and personalisation platform.

PageSense
 
Backstage

End-to-end event management software.

Backstage
 
Webinar

Webinar platform for webcasting online webinars.

Webinar
 
Marketing Automation

All-in-one marketing automation software.

Marketing Automation
 
LandingPage

Smart landing page builder to increase conversion rates

LandingPage
 
Publish

Manage all your local business listings on a single platform.

Publish
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Sign

Digital signature app for businesses.

Sign
 
Thrive

Complete loyalty and affiliate management platform.

Thrive
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
NEW
LeadChain

Sync, manage, and convert leads across channels seamlessly.

LeadChain
 
NEW
CommunitySpaces

Online community platform for individuals and businesses to grow their network and brand.

CommunitySpaces
 
Suites
Marketing Plus

Unified marketing platform for marketing teams.

Marketing Plus

Commerce and POS

 
Commerce

eCommerce platform to manage and market your online store.

Commerce

Service

 
Desk

Helpdesk software to deliver great customer support.

Desk
 
Assist

Remote support and unattended remote access software.

Assist
 
Lens

Interactive remote assistance software with augmented reality.

Lens
 
FSM

End-to-end field service management platform for service businesses.

FSM
 
SalesIQ

Live chat app to engage and convert website visitors.

SalesIQ
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
Solo

The all-in-one toolkit for solopreneurs.

Solo
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
Suites
Service Plus

Unified platform for customer service and support teams.

Service Plus

Finance

 
Books

Powerful accounting platform for growing businesses.

Books
 
FREE
Invoice

100% Free invoicing solution.

Invoice
 
Expense

Effortless expense reporting platform.

Expense
 
Inventory

Powerful stock management and inventory control software.

Inventory
 
Billing

End-to-end billing solution for your business.

Billing
 
Checkout

Collect payments online with custom branded pages.

Checkout
 
NEW
Payroll

Payroll software with automated tax payments and filing.

Payroll
 
Solo

The all-in-one toolkit for solopreneurs.

Solo
 
Practice

Practice management software for accounting firms.

Practice
 
Sign

Digital signature app for businesses.

Sign
 
Commerce

eCommerce platform to manage and market your online store.

Commerce
 
Suites
Finance Plus

All-in-one suite to manage your operations and finances.

Finance Plus

Email and Collaboration

 
Mail

Secure email service for teams of all sizes.

Mail
 
Meeting

Online meeting software for all your video conferencing & webinar needs.

Meeting
 
Writer

Word processor for focused writing and discussions.

Writer
 
Sheet

Spreadsheet software for collaborative teams.

Sheet
 
Show

Create, edit, and share slides with a sleek presentation app.

Show
 
Notebook

Beautiful home for all your notes.

Notebook
 
Cliq

Stay in touch with teams no matter where you are.

Cliq
 
Connect

Employee experience platform to communicate, engage, and build positive employee relations.

Connect
 
Bookings

Appointment scheduling app for consultations with customers.

Bookings
 
TeamInbox

Shared inboxes for teams.

TeamInbox
 
WorkDrive

Online file management for teams.

WorkDrive
 
Sign

Digital signature app for businesses.

Sign
 
Office Suite

Powerful collaborative work platform for teams.

Office Suite
 
Office Integrator

Built in document editors for web apps.

Office Integrator
 
ZeptoMail

Secure and reliable transactional email sending service.

ZeptoMail
 
Calendar

Online business calendar to manage events and schedule appointments.

Calendar
 
Learn

Knowledge and learning management platform.

Learn
 
Voice

Cloud Contact Center Software for businesses.

Voice
 
ToDo

Collaborative task management for individuals and teams.

ToDo
 
Tables

Work management tool to connect people, processes, and information.

Tables
 
NEW
PDF Editor

Collaborative online PDF editing tool.

PDF Editor
 
Suites
Workplace

Application suite built to improve team productivity and collaboration.

Workplace

Human Resources

 
People

Organize, automate, and simplify your HR processes.

People
 
Recruit

Intuitive recruiting platform built to provide hiring solutions.

Recruit
 
Expense

Effortless expense reporting platform.

Expense
 
Workerly

Manage temporary staffing with an employee scheduling solution.

Workerly
 
NEW
Payroll

Payroll software with automated tax payments and filing.

Payroll
 
Shifts

Employee scheduling and time tracking app.

Shifts
 
Sign

Digital signature app for businesses.

Sign
 
Suites
People Plus

Comprehensive HR platform for seamless employee experiences.

People Plus

Security and IT Management

 
Creator

Build custom apps to simplify business processes.

Creator
 
Directory

Workforce identity and access management solution for cloud businesses.

Directory
 
FREE
OneAuth

Secure multi-factor authenticator (MFA) for all your online accounts.

OneAuth
 
Vault

Online password manager for teams.

Vault
 
Catalyst

Pro-code platform to build and deploy your apps.

Catalyst
 
Toolkit

Complete resource for any admin-related lookup queries.

Toolkit
 
Lens

Interactive remote assistance software with augmented reality.

Lens
 
Assist

Remote support and unattended remote access software.

Assist
 
QEngine

Test automation software to build, manage, execute, and report testcases.

QEngine

BI and Analytics

 
Analytics

Modern self-service BI and analytics platform.

Analytics
 
Embedded BI

Embedded analytics and white label BI solutions, tailored for your needs.

Embedded BI
 
DataPrep

AI-powered data preparation service for your data-driven organization.

DataPrep
 
NEW
IoT

Harnessing IoT analytics for real-time operational intelligence.

IoT

Project Management

 
Projects

Manage, track, and collaborate on projects with teams.

Projects
 
Sprints

Planning and tracking tool for scrum teams.

Sprints
 
BugTracker

Automatic bug tracking software for managing bugs.

BugTracker
 
Solo

The all-in-one toolkit for solopreneurs.

Solo

Developer Platforms

 
Creator

Build custom apps to simplify business processes.

Creator
 
Flow

Automate business workflows by creating smart integrations.

Flow
 
Catalyst

Pro-code platform to build and deploy your apps.

Catalyst
 
Office Integrator

Built in document editors for web apps.

Office Integrator
 
ZeptoMail

Secure and reliable transactional email sending service.

ZeptoMail
 
QEngine

Test automation software to build, manage, execute, and report testcases.

QEngine
 
Tables

Work management tool to connect people, processes, and information.

Tables
 
NEW
RPA

Automate manual, tedious, and repetitive tasks easily.

RPA
 
NEW
Apptics

Application analytics for all apps.

Apptics
 
Embedded BI

Embedded analytics and white label BI solutions, tailored for your needs.

Embedded BI
 
NEW
IoT

Build, deploy, and scale IoT solutions for connected businesses.

IoT
 
DataPrep

AI-powered data preparation service for your data-driven organization.

DataPrep

IoT

 
NEW
IoT

Low-code IoT platform and solutions for connected businesses.

IoT

Search Result

 
CRM Plus

Unified platform to deliver top-notch customer experience.

Try now
CRM Plus
 
Service Plus

Unified platform for customer service and support teams.

Try now
Service Plus
 
Finance Plus

All-in-one suite to manage your operations and finances.

Try now
Finance Plus
 
People Plus

Comprehensive HR platform for seamless employee experiences.

Try now
People Plus
 
Workplace

Application suite built to improve team productivity and collaboration.

Try now
Workplace
 
Marketing Plus

Unified marketing platform for marketing teams.

Try now
Marketing Plus
 
All-in-one suite

Zoho One

The Operating System for Business

Run your entire business on Zoho with our unified cloud software, designed to help you break down silos between departments and increase organizational efficiency.

TRY ZOHO ONE
Zoho One
Zoho Marketplace

With over 2000 ready-to-use extensions across 40+ categories, connect your favorite business tools with the Zoho products you already use.

EXPLORE MARKETPLACE
Marketplace
Skip to main content

PGP Encryption in Zoho Mail

Pretty Good Privacy (PGP) encryption helps users to send encrypted emails to their recipients ensuring privacy and security of their email content. PGP uses a pair of keys (Public and Private) to encrypt and decrypt emails. In addition to encryption, emails can be digitally signed by hashing ensuring the legitimacy of the sender.

The integration of PGP with Zoho Mail will help the users generate and store Public and Private keys right from within their mailbox. They can use the keys (generated within Zoho Mail or any other platform) to encrypt and digitally sign the emails they send.

  • This feature is available only to organizations that have subscribed to one of our paid plans.
  • As of now, this feature is available for users in US, EU, IN and AU DCs. It will be enabled for other DCs in a phased manner.

How does PGP work?

PGP works based on numerical encryption using public and private keys. For example, when User A wants to send an encrypted email to User B, the later generates a pair of public and private keys. The private key is kept secret and the public key should be shared with User A.

User A encrypts the email using the public key of User B and digitally signs the email using the former's private key and sends the email. To decrypt the email, User B needs to use the passphrase for the private key associated with the public key used to encrypt the email.

To learn more about PGP integration, please refer to the video linked below:

Enable PGP integration in Zoho Mail

Admin Configuration

The users in an organization can access PGP integration only when the organization admin enables it from the Zoho Mail Admin Console. To enable access the admin should navigate to Zoho Mail Admin Console > Other App Settings > Integrations and Extensions > Extensions. Scroll down to PGP and click Configure.  Learn more

Enable PGP integration

Turn ON the Enable PGP Encryption toggle switch. Once enabled the organization users can configure PGP integration from settings, generate and import keys, send and receive PGP encrypted emails from Zoho Mail.

Enable PGP integration

 

The admin can also choose to allow the organization users to search for the public keys of the recipients from other public key servers. To enable this option, turn ON the Search for public keys toggle switch. Learn more

User configuration

Once Admin enables the integration, to start sending and receiving PGP encrypted emails, you should either generate a pair of public and private keys or import them from local storage have them saved to your account.

Configure

Key pairs for your account

Important components in a key pair

  • Name - The name you provide for the key pair for easy identification.
  • Email address - The email address with which the key pair is associated.
  • Status - Valid/ Revoked. Only the valid key pairs can be used to encrypt and decrypt the emails.
  • Key ID - The key ID will help you to identify the public key of yours using which the email has been encrypted.
  • Passphrase - The passphrase will be used to sign digitally and decrypt emails using your private key corresponding to the public key used for encryption.
  • Algorithm - The type of algorithm (RSA or ECC - Curve25519) used for encryption.
  • Length - The key size (2048 or 4096) which is measured in Bits.

 

The Keys generated in Zoho Mail will be encrypted and stored in Zoho Database using AES algorithms. Only the user who generates or imports a key pair can access the private key. The public key can be fetched by the organization users via the PGP extension in the e-widget.

Generate new key pair

To generate a new key pair:

  1. Log in to Zoho Mail.
  2. Navigate to Settings > Integrations > Extensions > PGP.
    PGP integration
  3. Click on the PGP integration card.
  4. Click Generate a new key.
  5. Choose the Email address or Email alias for which you want to generate the keys.
  6. Provide a name for the key pairs.
    Generate keys
  7. Provide and confirm a Passphrase for the key pair. This Passphrase will be used to sign the email and decrypt an email.
    • You should either memorize the passphrase or save it in a password manager. You cannot recover the password if you forget it.
  8. Click Advanced Settings to choose the Algorithm type (RSA or ECC - Curve25519) and the Key size (2048 or 4096 Bits).
  9. You can also choose to provide an Expiry date for the key pairs you generate.
  10. Click Generate Key.

A pair of private and public keys will be generated and will be associated with the primary email address or the email alias chosen.

Note:

You cannot associate any IMAP/ POP email address added to your account while generating the key pairs.

Set an expiry date for the key pair

When you generate a key pair in Zoho Mail, you can have an expiry date set for the key pair generated. Once the key pair expires, it cannot be used to encrypt or sign an email. You have to generate a new key pair to send and receive encrypted emails.

Expiry date

However you can still decrypt the emails that have already been sent to you encrypted using the public key that has expired.

Import key pairs for your account

You can import key pairs generated and associated with your primary email address or email aliases from other key service providers. You can also import a key pair that has been generated in Zoho Mail but exported and deleted from your account.

To import a key pair to your account:

  1. Log in to Zoho Mail.
  2. Navigate to Settings > Integrations > Extensions > PGP.
  3. Click Import key pair under the My keys section.
    Import key pairs
  4. You can import the key pair from your local storage or paste the key copied from your clipboard.
    Upload key pairs
  5. Click Import keys.
  6. You can check the Key ID and the Email address with which the key pair has been associated.
    Verify
  7. Click Save.

Once generated the key pairs associated with your primary email address/ email aliases will be listed under the My keys section.

You can click on the key pair to view the details such as Key IDAssociated email address, etc.,

Default key pair

The generated and imported key pairs will be listed under the My Keys section. You can mark a key pair to be Default for the emails sent via a particular email address/ email alias. The default key pair will be used to sign the email whenever you send a PGP-encrypted email using the email address/ email alias.

To mark a key pair default:

  1. Log in to Zoho Mail.
  2. Navigate to Settings > Integrations > Extensions > PGP.
  3. Navigate to the My Keys section.
    Default keys
  4. Click the key pair you want to mark as Default.
  5. Click the Set as default button on the key pair details page.

The key pair will be set as default to encrypt and sign the emails sent using the particular email address associated with the key pair.

Keys of recipient PGP users

To send and receive emails encrypted using PGP, both the sender and receiver should have access to the public keys of each other. To send emails to your recipients, the public key associated with their email addresses should be saved to your account.

You can import multiple public keys for a particular recipient. When you import multiple keys you can choose a default public key for the user to send them encrypted emails. You can choose to change the default key anytime from the PGP users section.

To import a public key of a PGP user:

  1. Log in to Zoho Mail.
  2. Navigate to Settings > Integrations > Extensions > PGP.
  3. Navigate to the PGP users section.
    Import public key
  4. Click Import public key.
  5. You can upload a public key file saved to your computer or paste the key copied from your clipboard.
    Upload key file
  6. Click Import key(s).
  7. Verify the Key ID and the Email address of the PGP user.
    Verify
  8. Click Save

The public key will be imported and can be used to encrypt emails sent to the PGP user.

When you import multiple public keys for a PGP user, you can choose a default key to be associated automatically whenever you send an encrypted email.

 

You can also import the public keys of your recipients (either from within the organization or outside the organization) using the PGP extension in eWidget. Learn more

PGP Schemes

The schemes that are available to encrypt your emails using PGP encryption are Inline and MIME schemes. By default, your emails will be encrypted using the PGP/ MIME scheme.

You can choose to change the scheme by following the steps given below:

  1. Log in to Zoho Mail.
  2. Navigate to Settings > Integrations > Extensions > PGP.
  3. Choose the preferred scheme from the Default PGP scheme drop-down.
    PGP schemes

Difference between the two schemes

PGP/ InlinePGP/ MIME (Default scheme)
Supports only Plain text content as HTML support by this scheme is limited.Supports Rich text formatting of email content.

Encrypts the text and attachments separately.

Hence, the encrypted text can be copied and decrypted from any other clients that support PGP.

Encrypts the text and attachments in an email together as a single encrypted file increasing the security of the email.

Sample encrypted emails

Inline scheme without attachment

Inline scheme

Inline scheme with attachment

Inline scheme

MIME scheme with/ without attachment

As the content and attachment are encrypted together, the encrypted email appears the same with/ without attachments.

The two attachments in the encrypted email (using MIME scheme) are:

  1. Encrypted email content with/ without attachment
  2. MIME version file (Based on RFC standards)

MIME scheme

Key management

The private and public keys generated for or imported to your account and the public keys of PGP users imported or saved can be managed from the Zoho Mail settings.

Search keys

You can use the Search bar on the My Keys and PGP users section to search for keys using the email address, name, or key ID.

Change passphrase

You can change the passphrase of the key pairs generated for your account.

To change the passphrase:

  1. Log in to Zoho Mail.
  2. Navigate to Settings > Integrations > Extensions > PGP.
  3. Go to the My Keys section.
  4. Click the key pair for which you want to change the passphrase.
    Change passphrase
  5. Click Change passphrase under the Passphrase section on the Key Details page.
  6. Provide the Old and New passphrases.
    Change passphrase
  7. Verify the New passphrase.
  8. Click Save.

Export key(s)

You can export the key pair in its entirety or only the private or public keys separately. You can also export the public keys of the PGP users saved to your account.

To export key(s):

  1. Log in to Zoho Mail.
  2. Navigate to Settings > Integrations > Extensions > PGP.
  3. Go to the My Keys or PGP users section from which you want to export the key(s).
  4. On the My Keys section, click on the key you want to export from the listing.Export your keys
    • Click Export at the top of the Key details page.
    • You can choose to export Public or Private keys separately or the entire key pair.
      Secure keys
    • When you export Private keys, they must stored securely to prevent unauthorized access to your emails.
  5. On the PGP users section, click the More Options icon next to the public key you wish to export. You can also choose to export all the public keys of a user by hovering over the email address under the PGP users section and clicking Export​​​​​.
    Export keys
  6. Click Export.

The exported key pair will be saved to your local storage.

Revoke key validity

When you no longer want your key pairs to be functional or find that the key pair is compromised you can choose to revoke the validity of the key pair. Once revoked, it cannot be used to encrypt or decrypt emails.

To revoke the validity of a key pair:

  1. Log in to Zoho Mail.
  2. Navigate to Settings > Integrations > Extensions > PGP.
  3. Go to the My Keys section.
  4. Click the key pair for which you want to revoke the validity.
    Revoke
  5. Click Revoke.
  6. Click Yes in the confirmation dialogue pop-up.

Once revoked, the public key cannot be used to encrypt emails and the private keys can no longer be used to decrypt or sign emails.

Note:

  • The validity of the default key pair cannot be revoked. To revoke the validity, you should make another key pair as default and revoke the validity of the former key pair.
  • If the revoked public key has been used to send encrypted emails to you, it can no longer be decrypted. You need to reach out to the sender to resend the email encrypted using a valid key pair.

Delete keys

The key pairs and PGP users' public keys can be deleted from your account.

Note:

  • It is recommended to Export the key(s) before deleting them. This is to ensure access to the keys when needed in the future.
  • You cannot delete your Default key pair.
  • Deletion of keys does not revoke the validity of the keys. They can still be used to encrypt and decrypt emails.
  • When you view an email that has been encrypted using a deleted key pair, a prompt will be shown to import the key pair or reach out to the sender to resend the email encrypted using an available key pair

To delete your key pair or a public key of a PGP user:

  1. Log in to Zoho Mail.
  2. Navigate to Settings > Integrations > Extensions > PGP.
  3. Go to the My Keys or PGP users section from which you want to delete the key(s).
  4. On the My Keys section, click on the key you want to delete.
    Delete keys
    • Click Delete at the top of the key details page.
  5. On the PGP users section, click the More Options icon next to the public key and choose Delete Key.
    Delete keys
  6. Click Ok in the confirmation dialogue box.

The key or key pair will be deleted from your account. If exported they can be imported again to your account to use them for encryption and decryption.

Disable the integration

You can disable the integration temporarily. When you disable the integration you will not be able to send PGP encrypted emails and read any of the encrypted emails sent to you. However, the keys that you have generated and imported to your account will exist and can be used again when you enable the extension.

To disable the extension, navigate to Settings > Integrations > Extensions > PGP. Turn off the toggle switch to disable the extension.
Disable

Note:

  • The administrator of the organization can also disable the extension from the Zoho Mail Admin Console.
  • To disable the extension from Admin Console, navigate to Zoho Mail Admin Console > Other App Settings > Integrations and Extensions > Extensions. Scroll down to find the PGP extension and click Configure. Turn OFF the Enable PGP integration toggle switch.
    Admin configuration
  • The extension cannot be accessed by the users and hence they cannot send/ open any PGP-encrypted emails. However, the keys that they have generated/ imported will not be removed from their account. It will be available for them to use when the extension is enabled again by the administrator.

Remove configuration

You can remove the PGP configuration from your account. When you remove the configuration all your keys (generated and imported) will be deleted from your account. You will not be able to send/ read PGP-encrypted emails. You have to generate new key pairs or import keys of PGP users to send. read PGP-encrypted emails.

To remove the configuration, navigate to Settings > Integrations > Extensions > PGP. Click Remove. Click Yes on the confirmation pop-up.
Remove

Still can't find what you're looking for?

Write to us: support@zohomail.com