How do I set up PGP/GPG encryption for my email?

Before you set up PGP encryption, we recommend that you first read our short explanation of this topic (https://support.kraken.com/hc/articles/201648223). This is an optional security feature. You can receive our emails without PGP enabled, using standard security methods such as TLS (https://en.wikipedia.org/wiki/Transport_Layer_Security).

To set up PGP, you need software that lets you create your private key and public key. This allows you to:

  • Encrypt emails that you send.

  • Decrypt emails that are sent to you.

We recommend that you review the OpenPGP software list (https://www.openpgp.org/software/) to determine which option suits you best.

The most commonly used methods are:

  • FlowCrypt browser extension (https://flowcrypt.com/) for Gmail, which is compatible with the Chrome, Firefox and Brave browsers.

  1. Sign in (https://www.kraken.com/sign-in) to your Kraken account.

  2. Navigate to your name in the top right corner and select Settings.

  3. Click on the Security tab, then scroll down until you see the Additional settings section with Email Encryption. Toggle this on.

  4. Paste your public key in the field which says PGP key, then click on Change email encryption.

  5. That’s it! We will now be sending all automated account notifications to you encrypted with your public key from [email protected].

Note: Company announcements and marketing emails from Kraken will never be encrypted, but are always signed with our public key. If you want responses from our Support team to be encrypted, please follow these instructions.

Emails that are sent from [email protected] and [email protected] are always signed with Kraken’s public key. Depending on the software that you use, this can be seen in the form of an attached .asc file or by some form of pop-up or warning message asking if you trust the sender or public key that is attached to the email.

Generally your email software will open this file itself and will ask you to verify a PGP fingerprint, which is a shortened version of the public key.

For the above mentioned email addresses Kraken’s PGP fingerprint is: 3EEA 4D83 582E DB05 A704 81B4 A380 42F6 07D6 23DA

To verify the .asc file in an email, manually open the file with a text editor and compare it with the public key found here, by copying the content of the .asc file and searching that content on this webpage.

Once you have verified that either the fingerprint or public key matches ours, make sure to indicate in your email software that you trust the sender.
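One way to do the fingerprint comparison described above from a terminal, as an added example that is not Kraken's own tooling: it reads GnuPG's colon-delimited key listing and compares the full 40-digit fingerprint. The function names, the key file placeholder and the sample listings are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare a key's full fingerprint with the one published above.

# Fingerprint as printed on this page.
EXPECTED_FPR='3EEA 4D83 582E DB05 A704 81B4 A380 42F6 07D6 23DA'

# Drop whitespace and upper-case, so spaced and unspaced forms compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin; print one fingerprint per primary key
# (field 10 of the first "fpr" record after each "pub" record, skipping subkeys).
primary_fprs() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin lists exactly one primary key whose 40-digit fingerprint
# equals the expected one. A 16-digit key ID is rejected as too short to trust.
fpr_matches() (
  expected=$(normalize_fpr "$1")
  actual=$(primary_fprs)
  [ "${#expected}" -eq 40 ] && [ "$actual" = "$expected" ]
)

# Real use, assuming GnuPG is installed; the file name is a placeholder.
check_key_file() {
  gpg --show-keys --with-colons "$1" | fpr_matches "$EXPECTED_FPR"
}

# Constructed listings (abbreviated records, not real gpg output).
SAMPLE_MATCH='pub:-:4096:1:A38042F607D623DA:1400000000:::-:::scESC:
fpr:::::::::3EEA4D83582EDB05A70481B4A38042F607D623DA:
uid:-::::1400000000::::Constructed Sender <sender@example.invalid>:
sub:-:4096:1:1111222233334444:1400000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:'

# Same trailing 16 digits (the key ID) but a different key: must not pass.
SAMPLE_SAME_KEYID='pub:-:4096:1:A38042F607D623DA:1400000000:::-:::scESC:
fpr:::::::::000011112222333344445555A38042F607D623DA:'

for s in "$SAMPLE_MATCH" "$SAMPLE_SAME_KEYID"; do
  if printf '%s\n' "$s" | fpr_matches "$EXPECTED_FPR"; then echo "fingerprint matches"
  else echo "MISMATCH: do not trust this key"; fi
done
```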

Although you now know that the email was signed by Kraken, unfortunately anyone who intercepted this message before it reached your inbox can now use Kraken’s public key in the same way you do, to read its content. In order to make sure that the content is for your eyes only, you will want Kraken to send the entire message to you encrypted with your public key.

Since you already shared your public key with us in an earlier step, all automated notifications about your account will be sent to you encrypted. Company announcements and marketing emails won’t be encrypted since these can be easily verified in multiple ways.

Verifying that Kraken encrypted an email with Kraken’s private key and your public key.

Automated account notification emails will be sent to you fully encrypted, if you have shared your public key through your account settings. Aside from these notification emails, we also offer the option to communicate with our Support Team in an end-to-end encrypted way. The difference between a signed email and a fully encrypted email lies in the fact that only the holder of your private key will be able to decrypt emails that were encrypted with your public key. Our signed emails on the other hand were encrypted by Kraken using our private key, and your software was able to decrypt it by using our public key, a key which anyone can get from our website.

Generally, the holder of your private key will be the software that you have chosen to use for PGP encryption, which is why it is crucial that you secure this software and your email account as best as you can. You may even want to export your private key and store it safely as a backup. Emails can still be removed from your email account in the event of unauthorized access, and PGP encryption will not protect your emails in this scenario, so before setting up PGP keys we strongly recommend that you secure your email account first.

Finally, to test and verify that an email from Kraken will be fully encrypted, follow these steps:

  1. Trigger an automated email from us by requesting your username.

  2. Navigate to your email account while using your PGP email software and verify that the sender details of the email are showing as encrypted.

     For comparison, Protonmail shows it as follows:

     [screenshot: image5.png]

  3. You should now be set and ready to go!

  • The signature.asc file that is attached to all automated emails being sent from [email protected] and [email protected] can be used to verify whether the email was actually sent by Kraken.

  • You don’t need to open it, since it’s a file that is meant to be decrypted by PGP software.

  • It contains a PGP text block which is generated by using both the content of the email and Kraken's PGP private key. Generally email providers will automatically decrypt this text with the public key of Kraken, and show you whether a sender is verified.

  • For more information on the topic we suggest you review our article on what PGP is.

Note: you should never share your private key with anyone. Kraken will never ask for your private keys.
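To check the difference between a signed email and a fully encrypted one outside a mail client, this added example (not Kraken's code) classifies the status lines GnuPG writes with --status-fd. The function names and the sample status lines are constructed for illustration, and it assumes the message was saved as a single armored OpenPGP file.

```bash
#!/usr/bin/env bash
# Added example: tell a signed-only message from an encrypted one, using the
# machine-readable lines GnuPG writes with --status-fd.

# Fingerprint from this page, written without spaces.
KRAKEN_FPR='3EEA4D83582EDB05A70481B4A38042F607D623DA'

# Read status lines on stdin, print "<encryption> <signature>".
# $1 is the primary-key fingerprint the signature is expected to come from.
classify_status() {
  awk -v want="$1" '
    $1 != "[GNUPG:]"                 { next }
    $2 == "DECRYPTION_OKAY"          { enc = 1 }
    $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
    # Last VALIDSIG field: fingerprint of the primary key that signed.
    $2 == "VALIDSIG"                 { if ($NF == want) good = 1; else other = 1 }
    END {
      if (bad)        sig = "signature-invalid"
      else if (good)  sig = "signed-by-expected-key"
      else if (other) sig = "signed-by-other-key"
      else            sig = "unsigned"
      enctxt = enc ? "encrypted" : "not-encrypted"
      print enctxt " " sig
    }'
}

# Real use, assuming GnuPG and a message saved as one armored OpenPGP file
# (placeholder name). Only the status lines reach the pipe.
classify_file() {
  gpg --batch --status-fd 3 --decrypt "$1" 3>&1 >/dev/null 2>&1 |
    classify_status "$KRAKEN_FPR"
}

# Constructed, abbreviated status output for two kinds of message.
STATUS_ENCRYPTED='[GNUPG:] ENC_TO 1111222233334444 1 0
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODSIG A38042F607D623DA Constructed Sender <sender@example.invalid>
[GNUPG:] VALIDSIG 3EEA4D83582EDB05A70481B4A38042F607D623DA 2024-01-01 1704067200 0 4 0 1 10 00 3EEA4D83582EDB05A70481B4A38042F607D623DA'

STATUS_SIGNED_ONLY='[GNUPG:] GOODSIG A38042F607D623DA Constructed Sender <sender@example.invalid>
[GNUPG:] VALIDSIG 3EEA4D83582EDB05A70481B4A38042F607D623DA 2024-01-01 1704067200 0 4 0 1 10 00 3EEA4D83582EDB05A70481B4A38042F607D623DA'

printf '%s\n' "$STATUS_ENCRYPTED"   | classify_status "$KRAKEN_FPR"
printf '%s\n' "$STATUS_SIGNED_ONLY" | classify_status "$KRAKEN_FPR"
```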
