Skip to content
Zimbra OpenPGP Zimlet - PGP Email encryption for Zimbra mail
JavaScript HTML Shell CSS AGS Script Java
Branch: stable
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
debian remove readme debian Feb 6, 2017
kvm updating KVM scripts May 12, 2019
rpms Update RPM package to the new release 2.6.8 Dec 6, 2016
test move all testcases to single tgz and order by bug number Jun 23, 2016
.gitignore adding zipfiles to gitignore Jun 4, 2016
LICENSE modify license to GNU GPL v2 Dec 2, 2015
Makefile added basic debian packaging for ubuntu May 30, 2016 Update Aug 6, 2018 move translations to .properties files May 14, 2016 update openpgp.js v1.4.0, zimlet to 1.8.3 Dec 13, 2015 move translations to .properties files May 14, 2016

Zimbra OpenPGP Zimlet

Demo video:

User manual:

Feature list:

Adding PGP support to Zimbra Collaboration Suite, currently tested on:

  • Windows: Internet Explorer 11, Google Chrome, Chromium, Firefox
  • Linux: Google Chrome, Chromium, Firefox, Iceweasel
  • MacOS OSX: Google Chrome, Safari 10.0

This Zimlet ONLY WORKS with Zimbra version 8.7.11 and above and is tested on 8.8.

This Zimlet is not available for use in Zimbra Desktop.

Bugs and feedback:

Report security issues to (PGP fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0)

For developers:


Install Zimbra OpenPGP Zimlet

[root@myzimbra ~]# rm -Rf /opt/zimbra/zimlets-deployed/_dev/tk_barrydegraaff_zimbra_openpgp/
[root@myzimbra ~]# su zimbra       
[zimbra@myzimbra ~] wget -O /tmp/
[zimbra@myzimbra ~] zmzimletctl deploy /tmp/
[zimbra@myzimbra ~] zmmailboxdctl restart

With translations support:

Without translations support:


***UNCHECKED*** gets added to the subject of encrypted mail

As root su to the root.
nano /opt/zimbra/common/sbin/amavisd
or if you are on 8.6 and before: 
nano /opt/zimbra/amavisd/sbin/amavisd

change the line:
$undecipherable_subject_tag = '***UNCHECKED*** ';
$undecipherable_subject_tag = '';
As zimbra:
zmamavisdctl restart


About private key security

When you generate a private key with this zimlet or copy-paste it when signing or decrypting, it is NOT being sent to the server and it is NOT stored on the server.

As of version 1.2.4 you can optionally store your private key in your browsers local storage. If you do not store your private key the server will ask you to provide it for each session. Also you can optionally store your passphrase to the Zimbra server. If you do not store your passphrase the server will ask you to provide it every time it is needed.

As of version 1.5.8 your private key is automatically encrypted with AES-256 when stored in your browsers local storage.


An unknown error (account.INVALID_ATTR_VALUE) has occurred.

When storing public keys > 5120 in ZCS 8.6:

As root:

nano /opt/zimbra/conf/attrs/zimbra-attrs.xml
Find the line: name="zimbraZimletUserProperties" type="cstring" max="5120"
and change it to: name="zimbraZimletUserProperties" type="cstring" max="51200"
then as user zimbra: zmcontrol restart

"zimbraZimletUserProperties" will be increased by default in ZCS 8.7 (to 51200)

Keyserver lookup

As of version 2.2.6 keyserver lookup is supported, the admin can set the keyserver to be queried in:

nano /opt/zimbra/zimlets-deployed/_dev/tk_barrydegraaff_zimbra_openpgp/config_template.xml
<property name="keyserver"></property>

If you can use your keyserver from a browser, but not from the Zimlet (0 undefined response), you may need to enable CORS. See: and

X-Mailer header for Thunderbird/Enigmail support

Thunderbird/Enigmail has some built in hacks to support email servers that do not support pgp/mime. Unfortunately that means that Zimbra OpenPGP Zimlet is identified wrongly as being Exchange server. This is fixed in Enigmail version 1.9.2. For compatibilty the X-Mailer header X-Mailer: ... ZimbraWebClient ... should be present in outgoing email. The sending of X-Mailer is enabled by default. If you changed the default you have to re-enable it using zmprov mcf zimbraSmtpSendAddMailer "TRUE";.


This zimlet does not work when composing in a new window



Copyright (C) 2014-2018 Barry de Graaff

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see

You can’t perform that action at this time.