If you are using the Kraken interface you can only set up PGP/GPG encryption on Kraken Pro or Kraken Classic. To set up PGP/GPG encryption of Kraken Pro you can find out how here!
Before setting up PGP encryption, we recommend reviewing our short explanation of the topic. Note that this is an optional security feature. You will be able to receive our emails without PGP enabled, and will receive those emails with standard security methods enabled like TLS.
To start with setting up PGP, you will need software that can create your private and public key so that you can:
- Encrypt emails that you send.
- Decrypt emails that are sent to you.
We recommend that you review the software list of OpenPGP to find the best match for you.
The most popular methods are currently:
- Protonmail, an email provider with in-browser cryptography (no extensions required).
- FlowCrypt browser extension for Gmail compatible with Chrome, Firefox, and Brave browsers.
- Mozilla Thunderbird software compatible with Windows, Mac, and Linux operating systems.
Once you have created your private and public key, you will now be able to receive encrypted emails from Kraken by sharing your public key with us through your account settings. To find your public key, review the documentation provided by your PGP software; every software provider stores public keys in different ways.
Note: you should never share your private key with anyone. Kraken will never ask for your private keys.
- Sign-in to your Kraken account.
- Navigate to your name in the top right corner, select Settings and then select Account.
- Scroll down until you see the PGP Public Key section and paste your public key in the field which says Paste your PGP key here, then click on Update Settings.
That’s it! We will now be sending all automated account notifications to you encrypted with your public key from email@example.com
Note: Company announcements and marketing emails from Kraken will never be encrypted, but are always signed with our public key. If you want responses from our Support team to be encrypted, please follow these instructions.
Emails that are sent from firstname.lastname@example.org and email@example.com are always signed with Kraken’s public key. Depending on the software that you use, this can be seen in the form of an attached .asc file or by some form of pop up or warning message asking if you trust the sender or public key that is attached to the email.
Generally your email software will open this file itself and will ask you to verify a PGP fingerprint, which is a shortened version of the public key.
For the above mentioned email addresses Kraken’s PGP fingerprint is:
3EEA 4D83 582E DB05 A704 81B4 A380 42F6 07D6 23DA
To verify the .asc file in an email, manually open the file with a text editor and compare it with the public key found here, by copying the content of the .asc file and searching that content on this webpage.
Once you have verified that either the fingerprint or public key matches ours, make sure to indicate in your email software that you trust the sender.
For example, in Protonmail you will first see:
and once you have trusted our public key you will see:
Although you now know that the email was signed by Kraken, unfortunately anyone who intercepted this message before it reached your inbox, can now use Kraken’s public key in the same way you do, to read its content. In order to make sure that the content is for your eyes only, you will want Kraken to send the entire message to you; encrypted with your public key.
Since you already shared your public key to us in an earlier step, all automated notifications about your account will be sent to you encrypted. Company announcements and marketing emails won’t be encrypted since these can be easily verified in multiple ways.
Verifying that Kraken encrypted an email with Kraken’s private key and your public key
Automated account notification emails will be sent to you fully encrypted, if you have shared your public key through your account settings. Aside from these notification emails, we also offer the option to communicate with our Support Team in an end-to-end encrypted way.
The difference between a signed email and a fully encrypted email lies in the fact that only the holder of your private key will be able to decrypt emails that were encrypted with your public key. Our signed emails on the other hand were encrypted by Kraken using our private key, and your software was able to decrypt it by using our public key, a key which anyone can get from our website.
Generally, the holder of your private key will be the software that you have chosen to use for PGP encryption, which is why it is crucial that you secure this software and your email account as best as you can. You may even want to export your private key and store it safely as a backup. Emails can still be removed from your email account in the event of unauthorized access, PGP encryption will not secure your emails from this scenario, so before setting up PGP keys we strongly recommend that you secure your email account first.
Finally, to test and verify that an email from Kraken will be fully encrypted, follow these steps.
- Trigger an automated email from us by requesting your username.
- Navigate to your email account while using your PGP email software and verify that the sender details of the email are showing as encrypted.
For comparison, Protonmail shows it as follows:
You should now be set and ready to go!
If you ran into any issues, review our Troubleshooting PGP email encryption article for additional information.