Frequently Asked Question
How can I change my PGP-keypair (Public and Private key)?
Last Updated 4 years ago
f you are experienced with PGP and have your own PGP tools, you can generate your own keys. Or you can follow this guide below: https://support.countermail.com/kb/faq.php?id=168
We only recommend changing keypair if you are an advanced user, because you will shift all responsibility to yourself, you have to handle the private key backup by yourself etc.
Since Aug 2017 we don't recommend delete or changing the private keys, because we increased the security in our private key handling in Aug 2017. Read more here.
Our keys are RSA 4096 bit, and we accept self generated RSA keys that are 2048 or 4096 bit. We only accept keys that follows OpenPGP RFC 2440 and/or RFC 4880.
RSA 8192-bit keys would also work in theory, but that is totally overkill since 4096-bits is considered secure for some decades more, at least until large Quantum computer are really working (and are stable at that huge size), and when Quantum computers have reached that capability (if it ever does?), most crypto systems have then already switched to quantum secure protocols instead .
Using 8192-bit keys will also slow down the reading & sending of encrypted email, it will take a long time, for example sending a 30MB email (containing multiple attachments) would problably take several minutes (using RSA 8192-bit keys).
The keypair MUST use one master RSA key, for signing and verification only, and one RSA subkey used for encryption (data & storage) only. The first userid MUST be your main account name. For example: yourname@countermail.com
You must send us the keys to accounts@countermail.com and it must be sent from your Countermail-adress, encrypted and signed with the old key.
Keep in mind that old emails will be unreadable in the webmail interface after the key change.
The old emails will still be readable if you have stored the old keypair and if you use some third party tool that have support for multiple private keys, for example Thunderbird + Enigmail.
You can decide by yourself if you want to send us both the public key and the encrypted private key, or if you only want to send us your public key.
Keywords: my own keypair public key private key upload
We only recommend changing keypair if you are an advanced user, because you will shift all responsibility to yourself, you have to handle the private key backup by yourself etc.
Since Aug 2017 we don't recommend delete or changing the private keys, because we increased the security in our private key handling in Aug 2017. Read more here.
Our keys are RSA 4096 bit, and we accept self generated RSA keys that are 2048 or 4096 bit. We only accept keys that follows OpenPGP RFC 2440 and/or RFC 4880.
RSA 8192-bit keys would also work in theory, but that is totally overkill since 4096-bits is considered secure for some decades more, at least until large Quantum computer are really working (and are stable at that huge size), and when Quantum computers have reached that capability (if it ever does?), most crypto systems have then already switched to quantum secure protocols instead .
Using 8192-bit keys will also slow down the reading & sending of encrypted email, it will take a long time, for example sending a 30MB email (containing multiple attachments) would problably take several minutes (using RSA 8192-bit keys).
The keypair MUST use one master RSA key, for signing and verification only, and one RSA subkey used for encryption (data & storage) only. The first userid MUST be your main account name. For example: yourname@countermail.com
You must send us the keys to accounts@countermail.com and it must be sent from your Countermail-adress, encrypted and signed with the old key.
Keep in mind that old emails will be unreadable in the webmail interface after the key change.
The old emails will still be readable if you have stored the old keypair and if you use some third party tool that have support for multiple private keys, for example Thunderbird + Enigmail.
You can decide by yourself if you want to send us both the public key and the encrypted private key, or if you only want to send us your public key.
Keywords: my own keypair public key private key upload