For information on changes for our US clients, please visit our Support Center article.

Поиск
How do I set up PGP/GPG encryption for my email?
Before setting up PGP encryption, we recommend reviewing our short explanation of the topic. Note that this is an optional security feature. You will be able to receive our emails without PGP enabled, and will receive those emails with standard security methods enabled like TLS.
To start with setting up PGP, you will need software that can create your private and public key so that you can:
  • Encrypt emails that you send.
  • Decrypt emails that are sent to you.
We recommend that you review the software list of OpenPGP to find the best match for you.
The most popular methods are:
Once you have created your private and public key, you will now be able to receive encrypted emails from Kraken by sharing your public key with us through your account settings. To find your public key, review the documentation provided by your PGP software; every software provider stores public keys in different ways.
Note: you should never share your private key with anyone. Kraken will never ask for your private keys.
Sharing your PGP public key with Kraken
  1. 1
    Sign-in to your Kraken account.
  2. 2
    Navigate to your name in the top right corner, select Settings
    image3.png
  3. 3
    Click on the Security tab, then scroll down until you see the Additional settings section with Email Encryption. Toggle this on.
    image2.png
  4. 4
    Paste your public key in the field which says PGP key, then click on Change email encryption.
    image4.png
  5. 5
    That’s it! We will now be sending all automated account notifications to you encrypted with your public key from [email protected].Note: Company announcements and marketing emails from Kraken will never be encrypted, but are always signed with our public key. If you want responses from our Support team to be encrypted, please follow these instructions.
Verifying that Kraken signed an email with Kraken’s private key
Emails that are sent from [email protected] and [email protected] are always signed with Kraken’s public key. Depending on the software that you use, this can be seen in the form of an attached .asc file or by some form of pop up or warning message asking if you trust the sender or public key that is attached to the email.
Generally your email software will open this file itself and will ask you to verify a PGP fingerprint, which is a shortened version of the public key.
For the above mentioned email addresses Kraken’s PGP fingerprint is:3EEA 4D83 582E DB05 A704 81B4 A380 42F6 07D6 23DATo verify the .asc file in an email, manually open the file with a text editor and compare it with the public key found here, by copying the content of the .asc file and searching that content on this webpage.
Once you have verified that either the fingerprint or public key matches ours, make sure to indicate in your email software that you trust the sender.
Although you now know that the email was signed by Kraken, unfortunately anyone who intercepted this message before it reached your inbox, can now use Kraken’s public key in the same way you do, to read its content. In order to make sure that the content is for your eyes only, you will want Kraken to send the entire message to you; encrypted with your public key.
Since you already shared your public key to us in an earlier step, all automated notifications about your account will be sent to you encrypted. Company announcements and marketing emails won’t be encrypted since these can be easily verified in multiple ways.
Verifying that Kraken encrypted an email with Kraken’s private key and your public key.
Automated account notification emails will be sent to you fully encrypted, if you have shared your public key through your account settings. Aside from these notification emails, we also offer the option to communicate with our Support Team in an end-to-end encrypted way. The difference between a signed email and a fully encrypted email lies in the fact that only the holder of your private key will be able to decrypt emails that were encrypted with your public key. Our signed emails on the other hand were encrypted by Kraken using our private key, and your software was able to decrypt it by using our public key, a key which anyone can get from our website.
Generally, the holder of your private key will be the software that you have chosen to use for PGP encryption, which is why it is crucial that you secure this software and your email account as best as you can. You may even want to export your private key and store it safely as a backup. Emails can still be removed from your email account in the event of unauthorized access, PGP encryption will not secure your emails from this scenario, so before setting up PGP keys we strongly recommend that you secure your email account first.
Testing PGP Setup
Finally, to test and verify that an email from Kraken will be fully encrypted, follow these steps:
  1. 1
    Trigger an automated email from us by requesting your username.
  2. 2
    Navigate to your email account while using your PGP email software and verify that the sender details of the email are showing as encrypted.
    For comparison, Protonmail shows it as follows:
    image5.png
  3. 3
    You should now be set and ready to go!
What is the "signature.asc" email attachment?
  • The signature.asc file that is attached to all automated emails being sent from [email protected] and [email protected] can be used to verify whether the email was actually sent by Kraken.
  • You don’t need to open it, since it’s a file that is meant to be decrypted by PGP software.
  • It contains a PGP text block which is generated by using both the content of the email and Kraken's PGP private key. Generally email providers will automatically decrypt this text with the public key of Kraken, and show you whether a sender is verified.
  • For more information on the topic we suggest you review our article on what PGP is.Note: you should never share your private key with anyone. Kraken will never ask for your private keys.