Table of Content
Installation
Quick guide
Configure your mail server
Postfix
Exim4
Configure your browsers
Metadata & Traffic Analysis
Protect metadata
Stop traffic analysis
Key Management
How key exchange works
Verify key
Import key
Export key
Messages
Verify arrived privately
Check if sent privately
Administration
Mail Options
Contacts
Users
Keyservers
Backups
Administration
We've designed your GoodCrypto private server so there is little or no administration needed.
The default behavior is to create and exchange keys for everyone in your group automatically. Users are notified when their new key is ready and whenever they receive a new key from a contact. Users also receive email from your GoodCrypto private server with their sign in credentials so they can verify which messages were exchanged privately.
AdministratorOf course, you do have full control over how automatic the server operates. Use your browser to access your GoodCrypto private server website. Use the credentials supplied when you initially customized your GoodCrypto private server.
For added security, you might want to set the Mail Options to restrict access to viewing fingerprints and exporting keys to logged in users. Otherwise, anyone who can reach your GoodCrypto private server's website can learn who communicates securely.
If you decide that you want to create keys for your users manually (which we strongly discourage) or you don't want keys exchanged automatically (which we also strongly discourage) , then you and your users will have a lot of administrative tasks (i.e., importing and exporting keys.
End UsersUsers in your group will probably also want to access your GoodCrypto private server website. They can 1) access information about private messages they send and receive; 2) view fingerprints; 3) export keys. After they sign in, they can also verify and import keys.
Of course, end users can't access any of the administrator areas without you increasing their privileges.
Mail Options
You must be logged into your GoodCrypto private server with administrative privileges to see or change any of the options.
Contacts
Your GoodCrypto private server adds a record in the database every time someone sends or receives private email. Each record shows the type of encryption the contact uses and their fingerprint.
Also, the administrator can flag each contact so email must always be encrypted or never be encrypted. This allows you to maintain the appropriate level of security on a person by person basis.
If there's a contact that you know you never want to send encrypted email, then you might want to add that contact and select the "Never encrypt" option.
- Connect to the Goodcrypto Server website.
- Sign in with the credentials you supplied when you configured your GoodCrypto Server
- Click on the Mail menu item
- Click on Contacts
- Don't forget to sign out when you're finished.
Users
Your GoodCrypto private server automatically creates a user every time someone in your company sends or receives email. Each user receives a message with their credentials when their account is ready. Of course, the administrator can also add or delete users manually, too.
- Connect to the Goodcrypto Server website.
- Sign in with the credentials you supplied when you configured your GoodCrypto Server.
- Click on the Mail menu item.
- Click on Users
- Click on Add user
- Fill in all the information, including the email address field for the user
If you'd like to follow the convention that GoodCrypto uses, then the username and email address will be the same. - Don't forget to sign out when you're finished.
Keyservers
- Connect to the Goodcrypto private server website.
- Sign in with the administrator credentials
- Click on Mail in the menu
- Click on Keyservers button. This button only appears if you're logged in as the administrator.
- You can add, change, or delete keyservers. If you don't want to delete a keyserver, but no longer use it, then simply remove the Active check mark while editing it.
Backups
Your backup procedure depends on where you've installed your GoodCrypto private server.