Solving Common OpenPGP Problems with eclipso Mail Europe
Solving Common OpenPGP Problems with eclipso Mail Europe
This guide helps you quickly solve the most common problems with OpenPGP encryption at eclipso Mail Europe. Most issues can be resolved in just a few steps.
For problems with OpenPGP contact our support. Note: We cannot help you with a lost passphrase - this is a feature (zero-knowledge)!
Problem 1: "I forgot my passphrase"
- Status: ⚠️ Unfortunately not solvable
- Reason: This is not a bug, but a feature - zero-knowledge principle
- Why?
- Your passphrase is never stored at eclipso
- Nobody (not even eclipso, admins, hackers) can recover your passphrase
- This guarantees maximum security - only you have access
- What can I do?
- ❌ Not possible: Decrypt old encrypted emails
- ✅ Solution: Generate new key and continue using
- ✅ Prevention: Store passphrase in password manager (KeePass, 1Password, Bitwarden)
- Steps:
- Open Settings > E-Mail | PGP Keyring
- Delete old key (only if you really don't need access anymore!)
- Generate new key with new passphrase
- This time save passphrase in password manager!
- Inform contacts: "Please send me a new email so I can receive your new key"
Problem 2: "Encryption doesn't work - button is grayed out"
- Cause: No public key of recipient available
- Symptom: ???? Encrypt icon is gray/not clickable
- Solution:
- Ask the recipient to send you a signed email
- eclipso automatically imports the public key
- From this point you can reply encrypted!
- Alternative solutions:
- Manual import: Have the public key (.asc file) sent to you and import it in key management
- Keyserver search: (Optional, if implemented) Search for the key on keys.openpgp.org
- First email: Send the first email only signed (????), not encrypted - then recipient can reply encrypted
- Check if key exists:
- Open Settings > OpenPGP Encryption
- Select tab "External Public Keys"
- Search for recipient's email address
- If present: Encryption should work
Problem 3: "Received encrypted email cannot be decrypted"
- Error message: "Key not found" or "Decryption failed"
- Possible causes & solutions:
- Wrong recipient key used:
- Sender used an outdated public key
- Solution: Send sender your current public key (send signed email)
- Email was encrypted to wrong email address:
- You have multiple email addresses, but only one with a key
- Solution: Generate keys for all your email addresses (Premium users)
- Private key was deleted:
- Without private key you cannot decrypt
- Solution: If you have a backup, import the private key again
- If no backup: Email is irreversibly unreadable ⚠️
- Password prompt fails:
- Your passphrase is entered incorrectly
- Solution: Copy passphrase from password manager (watch case sensitivity!)
- Wrong recipient key used:
- Diagnostic steps:
- Check in key management if your private key is still present
- Look at the lock icon in the email - errors show an error message
- Log in with another client (e.g. Thunderbird) and try there
Problem 4: "Signature cannot be verified"
- Symptom: Red warning symbol ⚠️ instead of green checkmark ✅
- Cause & Solution:
Error Message Cause Solution "Public key not found" Sender's key not imported Normally imported automatically. If not: Import manually from email attachment "Invalid signature" Email was modified after signing (e.g. by mail server) ⚠️ Caution! Possible manipulation. Contact sender via different channel "Key expired" The key has reached its expiration date Ask sender to generate new key "Key revoked" Sender has declared the key invalid Ask sender for new public key - Understanding trust levels:
- Blue ("Automatic"): Key was automatically imported from signed email - standard
- Green ("Verified"): You manually marked the key as trustworthy
- Red ("Invalid"): Signature could not be verified - caution!
Problem 5: "Auto-import doesn't work"
- Symptom: You receive signed emails, but public key is not imported
- Possible causes:
- Email is not correctly signed:
- Sender didn't sign with OpenPGP (maybe S/MIME?)
- Solution: Ask sender to activate OpenPGP signature
- Email was forwarded:
- Forwarded emails no longer contain valid signature
- Solution: Ask sender to send you a direct signed email
- Group block:
- Your plan has OpenPGP deactivated (shouldn't occur with eclipso)
- Solution: Contact support
- Email is not correctly signed:
- Perform test:
- Send yourself a signed test email
- Check in key management if your own public key was imported
- If yes: Auto-import works!
Problem 6: "Thunderbird shows different icons than eclipso webmail"
- This is normal! Different clients use different UI elements:
- eclipso webmail:
- ???? Green lock = Encrypted
- ✅ Green checkmark = Signed
- Thunderbird:
- Green seal icon bottom right = Signed + Encrypted
- Tooltip shows details
- Apple Mail:
- Blue seal = Correctly signed
- Gray seal = Signature could not be verified
- Important: Functionality is identical, only the presentation differs
Problem 7: "Key generation fails"
- Error message: "Key generation failed" or "Database error"
- Diagnosis & solutions:
- Passphrase too short (< 12 characters):
- Solution: Use at least 12 characters
- Key limit reached:
- Freemail: Maximum 1 key
- Premium: Maximum depends on plan (standard: unlimited)
- Solution: Delete old keys or upgrade to Premium
- Duplicate email address:
- You're trying to create a second key for the same email address
- Solution: Delete old key first (caution: create backup!)
- Temporary server error:
- Solution: Wait 5 minutes and try again
- Passphrase too short (< 12 characters):
Problem 8: "Import of own key fails"
- You want to import your existing PGP key from Thunderbird/GPG
- Common errors:
- Wrong file format:
- eclipso requires .asc or .gpg files (ASCII-armored)
- Solution: Export key from Thunderbird as "ASCII-armored" (.asc)
- Private key is encrypted:
- You're asked for the passphrase
- Solution: Enter the passphrase of your old key
- Only public key imported:
- Without private key you cannot decrypt
- Solution: Export BOTH keys (private + public) from Thunderbird
- Wrong file format:
- Step-by-step import:
- Thunderbird: Account Settings > End-to-End Encryption
- Your key → Right-click → "Export Secret Key"
- Save file (e.g. private-key.asc)
- eclipso: Settings > OpenPGP > Import
- Upload file, enter passphrase, done!
Problem 9: "Subject is not encrypted (Protected Headers)"
- Symptom: Email content is encrypted, but subject is visible in plain text
- Explanation: By default only the email body is encrypted, not the subject
- Solution (activate Protected Headers):
- At eclipso: Feature is automatically activated if your client supports it
- In Thunderbird: Automatically used (since version 78+)
- In other clients: Possibly not supported
- Workaround: Don't write sensitive information in the subject, only in the email text
- Technically: Protected Headers (RFC 8551) is supported by Thunderbird + eclipso, but not by all email clients
Frequently Asked Questions for Troubleshooting
- Q: Can eclipso support recover my passphrase?
A: No, this is technically impossible. Nobody (not even eclipso) knows your passphrase. - Q: Why do I see two icons (???? + ✅) on an email?
A: The email is encrypted AND signed - perfect security! - Q: Can I communicate with ProtonMail users?
A: Yes, ProtonMail also supports OpenPGP. Auto-import works! - Q: Why can't I send encrypted emails to GMX/Web.de?
A: GMX/Web.de don't offer OpenPGP support. Users would need to use Thunderbird. - Q: What happens if I delete my key?
A: Old encrypted emails can no longer be decrypted! Create backup!
- Q: Can eclipso support recover my passphrase?
Contact Support
- If your problem is not listed here, contact our support.
- Helpful information for faster assistance:
- Which email address are you using?
- Which email client (webmail, Thunderbird, Apple Mail)?
- Exact error message (screenshot helps!)
- When did the problem first occur?
- Important: Never share your passphrase with support!
Related Articles:
- What is OpenPGP and how does it work with eclipso? ↗
- How do I set up OpenPGP encryption in 60 seconds? ↗
- Key Backup and Recovery ↗
