[GH-ISSUE #328] [Feature request] Set PGP key for recipient on account registration (and use it when sending verification email) #273

New issue

Closed

opened 2026-03-01 17:46:12 +03:00 by kerem · 0 comments

kerem commented 2026-03-01 17:46:12 +03:00

Owner

Copy link

Originally created by @alexaka1 on GitHub (Aug 28, 2022).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/328

Scenario:

When registering a new account, the user is required to provide a recipient (and verify it) to complete registration and unlock the service (-failure to do so deletes the account in a month or so).
When clicking register, the verification email is sent immediately with no encryption (duh). But the user can access the site and change settings such as the initial recipient address. In recipients the user can provide a PGP public key, and enable encryption to an unverified email (this is actually the case for existing accounts as well), but from what I tested, email verification never uses the PGP key.

Request no.1:

Provide a field on the registration form, where a new user can optionally provide a PGP key, and use encryption from the very first interaction with the forwarding service. This could potentially be a UX issue for normie users, who'll be turned away by a scary checkbox called Advanced mode, that enables the PGP form input and other advanced features down the line.

Request no.2:

For a new recipient (be it completely new AnonAddy account or just a new recipient address) have an option to not send the verification email when just adding the address, so the user can upload a PGP key (at /recipients, and then click re-send verification button, and recieve E2E verification email to the new address.

Justification:

AnonAddy offers PGP support in the free tier (unless this is subject to change in the future) and recently you updated the codebase to use PGP for non-forwarding emails as well (notifications, payment confirmations etc.), so the ability to use E2E communication from the beginning makes sense. In my opinion the PGP support for AnonAddy is only for privacy against one's email provider, ie. gmail, so not letting the provider read the initial verification link, could potentially be a use-case for some users.

Originally created by @alexaka1 on GitHub (Aug 28, 2022). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/328 ### Scenario: When registering a new account, the user is required to provide a recipient (and verify it) to complete registration and unlock the service (-failure to do so deletes the account in a month or so). When clicking register, the verification email is sent immediately with no encryption (duh). But the user can access the site and change settings such as the initial recipient address. In recipients the user can provide a PGP public key, and enable encryption to an unverified email (this is actually the case for existing accounts as well), but from what I tested, email verification never uses the PGP key. ### Request no.1: Provide a field on the registration form, where a new user can optionally provide a PGP key, and use encryption from the very first interaction with the forwarding service. This could potentially be a UX issue for normie users, who'll be turned away by a scary checkbox called Advanced mode, that enables the PGP form input and other advanced features down the line. ### Request no.2: For a new recipient (be it completely new AnonAddy account or just a new recipient address) have an option to **not** send the verification email when just adding the address, so the user can upload a PGP key (at `/recipients`, and then click re-send verification button, and recieve E2E verification email to the new address. ### Justification: AnonAddy offers PGP support in the free tier (unless this is subject to change in the future) and recently you updated the codebase to use PGP for non-forwarding emails as well (notifications, payment confirmations etc.), so the ability to use E2E communication from the beginning makes sense. _In my opinion the PGP support for AnonAddy is only for privacy against one's email provider, ie. gmail, so not letting the provider read the initial verification link, could potentially be a use-case for some users._

kerem closed this issue 2026-03-01 17:46:12 +03:00

kerem referenced this issue 2026-03-14 10:39:03 +03:00

[GH-ISSUE #273] My email client has a fit when receiving encrypted mail from aliases #797

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.5.0

v1.4.1

v1.4.0

v1.3.8

v1.3.7

v1.3.6

v1.3.5

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.14.1

v0.14.0

v0.13.13

v0.13.12

v0.13.11

v0.13.10

v0.13.9

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.5

v0.7.4

v0.7.3

v0.7.2

v0.7.1

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/anonaddy#273

No description provided.