
How to enable MDaemon PGP, configure who can use MDPGP, and create keys for specific users

Introduced in MDaemon 15.5.0, MDPGP allows MDaemon to perform basic OpenPGP encryption, decryption, and key management tasks. Key management can be performed on the MDaemon server or on a mail client that supports PGP.

OpenPGP is an industry-standard protocol for exchanging encrypted data, and there are a variety of OpenPGP plugins for email clients that make it possible for users to send and receive encrypted messages. MDPGP is MDaemon's integrated OpenPGP component that can provide encryption, decryption, and basic key management services for your users without requiring them to use an email client plugin.

MDPGP encrypts and decrypts emails using a public-key/private-key system. When you wish to use MDPGP to send a private and secure message to someone, MDPGP encrypts that message using a "key" that you previously obtained from that person (i.e. their "public key") and imported into MDPGP. Conversely, if they wish to send a private message to you, they must encrypt the message using your public key, which they obtained from you. Giving the sender your public key is absolutely necessary, because without it they can't send you an OpenPGP encrypted message. Your unique public key must be used to encrypt the message because your unique private key is what MDPGP will use to decrypt the message when it arrives.

The steps below will detail how to enable MDPGP, configure who can use MDPGP, and create public/private keys for a specific user.

  1. Select Security
  2. Select MDPGP
  3. Check the Enable MDPGP check box
  4. There are multiple configurations for using MDPGP
    • Select All MDaemon users on this server can use MDPGP to allow all local users access to MDPGP
    • Select the Configure who can use MDPGP button to open the \MDaemon\Pem\_mdpgp\rules.txt file
      • Specific tags and examples are detailed in this file
      • Configure the user(s) as needed to have access to encrypt/decrypt messages, make exceptions, etc.
      • Save the file
      • Close the text editor to return to the MDPGP menu
  5. To generate PGP keys, select Create keys for a specific user and/or Create keys automatically
    • If the Create keys for a specific user check box is selected, choose the local user from the drop-down list.
      • If you would like the public key emailed to the user, leave the (Optional) Email public-key to key owner after creation checked.
        • The user can forward this message, which contains the public key, to PGP recipients. This allows a recipient to send the user a PGP encrypted message from a client that supports PGP encryption.
    • If Create keys automatically is selected, MDaemon will create a public/private key pair automatically for each MDaemon user.
      • Rather than generate them all at once, however, MDPGP will create them over time, creating each user's key pair the next time a message is processed for that user. This option is disabled by default to conserve resources and avoid needlessly generating keys for accounts that may never use MDPGP.
  6. Select OK