Then when you PM someone who has set it up there's an Encrypt for [Username] option. When you receive an encrypted email you have an unlock button (looks like an unlocked padlock). It's all displayed within the web page so it looks like it might be handled by the server but in fact it's all Javascript within the browser, plaintext never gets to the server*.
*You can test this, or anyone moderately tech-savvy can, by watching the network traffic between your browser and the website. You will see the Public Key and encrypted messages but not the Private Key or plaintext messages. Also, the Javascript is clear and commented in the Page Source so you can view the algorithm. The OpenPGP Javascript library is
Code: Select all
/*! OpenPGP.js v5.5.0 - 2022-08-31 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */It's pretty fragile so not very dependable, but if you see Encrypt/unlock it's guaranteed private. The problem is that every time you hit Generate New Keys new ones are created and the old ones are lost, so any messages in transit or already in your Inbox become unreadable. Also currently no way for you to disable it at the receiving end, although of course I can delete the Public Key at the server so it can be disabled manually.
