When you send an unencrypted email, it travels through multiple servers between you and the recipient. Any of those servers can read it. The email provider on your end can read it. The email provider on the recipient's end can read it. Anyone who intercepts the network traffic can read it. Email, in its basic form, is closer to a postcard than a sealed letter.
PGP — Pretty Good Privacy — was created in 1991 to fix this. More than three decades later, it remains the foundation of end-to-end email encryption used by privacy-focused services including Tobava Mail, ProtonMail, and Tutanota.
PGP uses asymmetric cryptography — a system where encryption and decryption use different keys. Each person has two mathematically linked keys: a public key and a private key.
The public key can be shared with anyone. If someone wants to send you an encrypted message, they use your public key to encrypt it. The resulting ciphertext can only be decrypted by your private key — and your private key never leaves your device.
Think of it like a padlock. Your public key is the open padlock, which anyone can use to lock a message intended for you. Your private key is the key that opens it, which only you possess. You can give out padlocks to anyone, but you keep the only key.
The message is encrypted on your device before it leaves, and decrypted on the recipient's device after it arrives. Every server in between sees only encrypted data.
PGP protects the content of your messages. The email body, attachments, and subject line (in most implementations) are encrypted.
PGP does not protect metadata. The email servers that route your message can still see who sent it, who received it, the timestamp, the server addresses involved, and the message size. Metadata alone can be extremely revealing — knowing that you emailed a specific doctor, lawyer, or journalist at a particular time tells a story even without the message content.
Tobava Mail mitigates metadata exposure by stripping IP addresses from outgoing message headers, so recipients cannot see your IP address. However, no email service can fully hide the fact that two addresses communicated — that requires more advanced tools like anonymous remailers.
PGP also supports digital signatures, which serve a different purpose from encryption. A digital signature proves that a message was sent by the person who holds a particular private key and has not been modified in transit.
When you sign an email with your private key, recipients can verify the signature using your public key. If the signature is valid, they know the message came from you and has not been tampered with. This is valuable for preventing impersonation — a signed email from your known public key cannot be forged by someone who does not have your private key.
Tobava Mail handles the complexity of key management automatically. When you create a Tobava Mail account, a key pair is generated on your device. Your private key is encrypted with your account password and stored locally — it is not uploaded to our servers in a form we can use.
When you send a message to another Tobava Mail user, end-to-end encryption is applied automatically. No configuration is required. When you send to a Gmail or other standard email address, the message is sent unencrypted (because Gmail does not support PGP by default) but still protected by standard TLS transport encryption between servers.
For advanced users who want to use PGP with non-Tobava recipients, Tobava Mail supports importing and exporting PGP keys in the standard OpenPGP format. You can publish your public key on a keyserver so that any PGP-compatible email client can encrypt messages to you.
One practical challenge with PGP is verifying that a public key actually belongs to the person you think it does. Anyone can create a key claiming to be any email address. If an attacker substitutes their own public key for your recipient's, you would encrypt messages that they can read.
Tobava Mail addresses this through key verification. When you first correspond with another Tobava Mail user, the application displays a key fingerprint — a short string derived from their public key — that you can compare out-of-band (e.g., by phone or in person) to confirm you have the right key. Once verified, the key is trusted for future messages.
This is a fundamental property of end-to-end encryption: the security depends on verifying keys. Automated key exchange, which services like ProtonMail and Tobava Mail use to make the experience seamless within their networks, trades some of this control for usability while maintaining strong protections against third-party interception.
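The fingerprint comparison described above, as an added example that is not Tobava Mail's own code: it builds an OpenPGP v4 public-key packet for an RSA key, derives the fingerprint and key ID as RFC 4880 section 12.2 specifies, and checks a displayed fingerprint against one read back out-of-band. The key material, creation time and helper names are constructed for illustration, not real keys.

```python
import hashlib
import hmac

# Constructed example: the moduli below are filler integers, not real RSA keys.

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian magnitude."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 Public-Key packet: version 4, creation time, algorithm 1 (RSA), MPIs n and e."""
    return b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the body (RFC 4880 12.2), as upper-case hex."""
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low-order 8 bytes (16 hex digits) of the fingerprint."""
    return fingerprint[-16:]

def display(fingerprint: str) -> str:
    """Group into ten blocks of four hex digits, the layout most clients print for users."""
    groups = [fingerprint[i:i + 4] for i in range(0, 40, 4)]
    return " ".join(groups[:5]) + "  " + " ".join(groups[5:])

def fingerprints_match(displayed: str, out_of_band: str) -> bool:
    """Normalize spacing and case, then compare in constant time."""
    a = "".join(displayed.split()).upper().encode()
    b = "".join(out_of_band.split()).upper().encode()
    return hmac.compare_digest(a, b)

# A genuine key and a substituted one. The email address lives in a separate User ID
# packet that is not part of the fingerprint, so only the fingerprint exposes the swap.
GENUINE = rsa_public_key_body(1700000000, 2**127 - 1, 65537)
SUBSTITUTED = rsa_public_key_body(1700000000, 2**127 - 3, 65537)

if __name__ == "__main__":
    genuine_fp = v4_fingerprint(GENUINE)
    print("Fingerprint:", display(genuine_fp), " Key ID:", key_id(genuine_fp))
    # Reading the genuine fingerprint over the phone against the substituted key fails.
    print("Substituted key passes verification:",
          fingerprints_match(display(v4_fingerprint(SUBSTITUTED)), genuine_fp))
```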
The volume of email interception — both by criminal actors and by governments — has grown significantly in the past decade. Data breaches expose email content stored on servers. Legal processes compel email providers to disclose message contents. Intelligence agencies intercept email traffic at internet exchange points.
End-to-end encryption defeats all of these attacks. If Tobava's servers are breached, attackers find encrypted ciphertext that cannot be decrypted without your private key. If Tobava receives a legal demand for your email content, we have nothing to provide. The content exists only on your device and your recipient's device.
This is the architecture of genuine privacy: not a policy commitment, but a technical reality.
Tobava Mail applies end-to-end encryption automatically between Tobava users. Create your private inbox at mail.tobava.com →