Master Key

The Master Key is a key pair with which the personal certificates of the mailbox users can be centrally encrypted. Thus, the Master Key enhances security.

The Master Key encrypts the personal certificates of the mailbox users. Without the Master Key, the encrypted personal certificates do not grant access to the encrypted mailboxes. This prevents unauthorized persons from gaining access to the encrypted mailboxes if they obtain the encrypted personal certificates.

The Master Key consists of a public and a private key. With the public key, the personal certificates can be encrypted, but not decrypted. For decryption, the private key is required.

We store the personal certificates created for the users so that the users can download them as many times as needed (e.g., to bind them to new devices). Once a personal certificate has been created, we encrypt it. We store the encrypted version for an unlimited time, but we store the non-encrypted version for only 14 days. If a user downloads his personal certificate and the non-encrypted version is no longer available, the encrypted one is decrypted with the Master Key and then made available.

As an additional security measure, you can download the whole Master Key (see Downloading the Master Key) and then remove its private part from our database (see Deleting the Master Key). In this case, we no longer have access to the non-encrypted personal certificates of the users once the non-encrypted version has been deleted after the 14 days have passed.

If a user needs his certificate after these 14 days and we no longer have the private key of the Master Key, you can provide us with the private key for a short period at any time so that we can decrypt the personal certificate of the corresponding user and make it available to him for another 14 days (see Re-enabling Personal Certificate Download).
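The lifecycle described above can be modelled as follows. This is an added example, not the vendor's code: the class and method names are hypothetical, the hybrid RSA-OAEP/AES-GCM scheme is an assumption (the page does not name the algorithms), and it requires the Python `cryptography` package.

```python
import os
from datetime import timedelta
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

RETENTION = timedelta(days=14)  # lifetime of the non-encrypted copy, as stated on the page
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)


class CertificateStore:
    """Hypothetical model of the service-side certificate store."""
    def __init__(self, master_private_key):
        self.public_key = master_private_key.public_key()
        self.private_key = master_private_key  # None once the admin has deleted it
        self.records = {}

    def _decrypt(self, rec, private_key):
        aes_key = private_key.decrypt(rec["wrapped_key"], OAEP)
        return AESGCM(aes_key).decrypt(rec["nonce"], rec["ciphertext"], None)

    def create(self, user, cert_bytes, now):
        # Assumed hybrid scheme: AES-GCM encrypts the certificate, RSA-OAEP wraps the AES key.
        aes_key, nonce = AESGCM.generate_key(bit_length=256), os.urandom(12)
        self.records[user] = {
            "wrapped_key": self.public_key.encrypt(aes_key, OAEP),  # public key only
            "nonce": nonce,
            "ciphertext": AESGCM(aes_key).encrypt(nonce, cert_bytes, None),
            "plaintext": cert_bytes,
            "expires": now + RETENTION,
        }

    def delete_master_private_key(self):
        self.private_key = None  # new certificates can still be encrypted, none decrypted

    def download(self, user, now):
        rec = self.records[user]
        if rec["plaintext"] is not None and now >= rec["expires"]:
            rec["plaintext"] = None  # non-encrypted copy is removed after 14 days
        if rec["plaintext"] is not None:
            return rec["plaintext"]
        if self.private_key is None:
            raise PermissionError("private Master Key not held; download must be re-enabled")
        return self._decrypt(rec, self.private_key)

    def reenable_download(self, user, private_key, now):
        rec = self.records[user]  # the supplied key is used once and not retained
        rec["plaintext"] = self._decrypt(rec, private_key)
        rec["expires"] = now + RETENTION
```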