This guide explains how message encryption works on the Web app Mail Infomaniak (online service mail.infomaniak.com).

Preamble

• When encryption is enabled, emails and attachments are encrypted upon receipt on Infomaniak servers, via the public keys of senders and recipients.
  • Each email address generates a key upon first use, securely stored in the Infomaniak datacenters.
• The keys are based on elliptic curve cryptography (ECC) and use the OpenPGP standard.
  • They are themselves encrypted in AES-256-GCM with automatic decryption via Infomaniak authentication.

Enable email encryption

To automatically encrypt a message sent to an email address:

1. Click here to access the Mail web app (online service mail.infomaniak.com).
2. Compose a new message as you usually do.
3. Click on the lock icon to the left of the Send button to enable encryption:
   
4. Confirm the action if a confirmation window appears.
5. The icon now represents a closed padlock and the overall color is changed.
6. Press the Send button.

This action must be performed for each new send.

A. Recipient whose email is managed by Infomaniak

If the recipient of the encrypted email has an email address managed by Infomaniak, the encryption is completely transparent for both the sender and the recipient. A note will indicate that the message is encrypted…

1. … in the recipient's inbox:
   
2. … when opening the received message:
   
3. … and in the sent folder of the sender:
   

B. External recipient

If the recipient of the encrypted email has an email address managed outside of Infomaniak services, encryption is still possible, but it requires the definition of a password:

1. Click here to access the Mail web app (online service mail.infomaniak.com).
2. Compose a new message as usual, but send it to an email address outside of Infomaniak.
3. Click on the lock icon to the left of the Send button to activate encryption.
4. A modal window opens to allow you to set a password.
5. Enter a password and copy it to send it to the recipient by your own means (for example, kPaste) (you can agree on a password in advance so the recipient will already be informed):
   
6. The icon now represents a closed padlock and you can send the email as usual.

The recipients will then receive a message notifying them that an encrypted email is waiting for them:

By clicking on the provided button, they will be redirected to a secure web page where the password must be entered.

Once the password is validated, the encrypted message can be viewed on the same page.

Storage and search

In search results, only the subject of encrypted messages will be visible, while their content will remain secure during storage.