This page describes how Hushmail users can communicate securely with users of PGP, GnuPG, and other products supporting the Open PGP standard. If you are a Premium customer and require assistance with Open PGP compatibility, please click here. Please note that while we will take comments from non-paying users into consideration, we may not be able to respond to your request.
We are pleased to announce the availability of our free Open PGP LDAP key server, which can be accessed at keys.hush.com. This server runs on port 389.
If the PGP user is using PGP 8.0 or PGP Universal:
Hush Communications operates a free Open PGP LDAP key server which can be accessed by users of PGP 8.0 and PGP Universal. To send secure email to a Hushmail user using PGP 8.0 for Windows, the PGP user should:
- Right-click the PGP icon in the system tray
- Select 'Options...'
- Click the 'Servers' tab
- Click the 'New' button
- Select 'PGP Keyserver LDAP'
- In the 'Name' field, enter keys.hush.com
- Click the 'OK' button
- The PGP user can now send secure email to Hushmail users using all PGP 8.0 components, including the PGP Outlook plugin.
Please note:
- Hushmail only recognizes digital signatures on text messages that are signed using the Cleartext Signature Framework as described in RFC2440 section 7. Thus when sending to a Hushmail account you must sign the message first, generating a cleartext signed message, and then encrypt the result. If you encrypt and sign a message in a single step (the default for many PGP applications), the signature will not be recognized.
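The sign-first requirement above can be checked before encrypting. The following is an added example, not Hushmail's code: a Python check that the text about to be encrypted is already laid out as a cleartext signed message (RFC 2440 section 7). The function names and the sample message are constructed for illustration, and the check covers layout only, not signature validity.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample; the signature body is a placeholder, not a real signature.
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Meeting moved to 3pm.
- --
Alice
-----BEGIN PGP SIGNATURE-----

PLACEHOLDERnotArealSignature
-----END PGP SIGNATURE-----
"""

def parse_cleartext_signed(plaintext):
    """Return (hash names, signed text, signature armor); layout check only."""
    lines = plaintext.replace("\r\n", "\n").strip("\n").split("\n")
    if lines[0].rstrip() != BEGIN_MSG:
        raise ValueError("does not start with the cleartext header")
    i, hashes = 1, []
    while i < len(lines) and lines[i].strip():  # armor headers end at an empty line
        name, sep, value = lines[i].partition(":")
        if not sep or name.strip() != "Hash":
            raise ValueError("unexpected armor header: " + lines[i])
        hashes += [h.strip() for h in value.split(",")]
        i += 1
    body = lines[i + 1:]
    if BEGIN_SIG not in body or body[-1] != END_SIG:
        raise ValueError("no complete armored signature after the text")
    sig_at = body.index(BEGIN_SIG)
    text = []
    for line in body[:sig_at]:
        if line.startswith("- "):
            line = line[2:]  # undo dash-escaping of lines that began with '-'
        elif line.startswith("-"):
            raise ValueError("unescaped '-' line inside the signed text")
        text.append(line)
    return hashes, "\n".join(text), "\n".join(body[sig_at:])

def ready_to_encrypt(plaintext):
    """True when the text about to be encrypted is a cleartext signed message."""
    try:
        return bool(parse_cleartext_signed(plaintext))
    except ValueError:
        return False
```

Unsigned text, or text whose dash-escaping has been damaged in transit, makes `ready_to_encrypt` return False.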
If using GnuPG
GnuPG users can now also retrieve keys from the LDAP server at keys.hush.com.
- At the command prompt, enter gpg --keyserver ldap://keys.hush.com --search-keys username@hushmail.com where username@hushmail.com is the address of the user with whom you wish to communicate.
- Follow the instructions that will be displayed to import the key to your key ring.
- Your GnuPG installation must support LDAP in order for this to work. Refer to the GnuPG documentation.
If using Enigmail with Mozilla Mail, Netscape, or Thunderbird
Enigmail (which uses GnuPG internally) can also retrieve keys from the LDAP server at keys.hush.com.
- In the "OpenPGP" menu, select "Preferences".
- Select the "Basic" tab.
- In the "Keyservers" section, add "ldap://keys.hush.com:389".
- In the "OpenPGP" menu, select "Key Management".
- Select "Keyserver" > "Search for keys".
- Enter the Hushmail address of your recipient. Select "ldap://keys.hush.com:389" from the dropdown list of keyservers. Click Ok.
- Right click the newly added email address in the list of keys and click "Set Key Trust".
- Select "I trust ultimately". Your email can now be encrypted to this recipient.
- Repeat steps 4-8 for each recipient you wish to encrypt messages to.
If using older versions of GnuPG or PGP, the PGP user must retrieve the public key of the Hushmail user:
- The PGP user should go to www.hushtools.com.
- Click on "Key Management".
- Under "Advanced", click on the option "Retrieve a public key".
- Enter the email address of the Hushmail user with whom you wish to communicate securely.
- Click "Retrieve public key".
- Select and copy the displayed key then import it using your PGP or Open PGP software (it may be necessary to save the public key in a local file with ".asc" extension in order to import it).
- The PGP user can then send secure email to the Hushmail user.
- If the Hushmail user cannot decrypt messages encrypted by Open PGP compliant software, the following lines should be added to the PGP user's PGP options file:
cipher-algo rijndael
openpgp
The PGP user must upload their public key to the Hush Key Server Network. Please note that it is not necessary for the PGP user to upload a private key.
- The PGP user must export their public key in text format.
- The PGP user should go to www.hushtools.com.
- The PGP user should click on "Key Management".
- Under "Advanced", click on the option "Upload a public key".
- The PGP user should paste their text public key in the text box indicated.
- The PGP user should click on the dropdown box which says "Click here .. " to select a User ID for their public key. This should be the email address to which the Hushmail user will send mail.
- In most cases, no activation code will be required. Ignore that field.
- The PGP user should click "Upload public key".
- The PGP user will shortly receive an email confirming upload of the public key. The instruction in that email should be followed.
- The key will then be activated, and any email sent to the chosen User ID (email address) by a Hushmail user will automatically be encrypted.
Note: We've been told that if you get the error "Error decrypting message . java.lang.IllegalArgumentException: Length not multiple of 4" it can be resolved by setting PGP to word wrap at column 69. This can be controlled in PGP options.