// Private, Encrypted Contact Forms

PGP Encryption

All FnContact forms include the ability to enable PGP encryption to ensure end-to-end privacy and security.

What is PGP?

PGP (Pretty Good Privacy) is a public key encryption system used to ensure data is transmitted securely and is only accessible to its intended recipient.

Why PGP for a Contact Form?

Enabling PGP for a contact form allows your users to be confident that their message will be transmitted securely and that only YOU will be able to read it. It also provides you with the assurance that no one intercepted the message, since each message is encrypted in the user's browser and decrypted in yours.

How we use PGP

Our goal is to make PGP useful and accessible for everyone - without needing to understand or use the complicated underlying tools. We use the excellent KBPGP.js library for browser-based PGP key generation and encryption/decryption. All processing is handled locally in the browser, so no passphrases or unencrypted data are ever sent to us. Once a message is encrypted, no one can decrypt it except you.

In a nutshell, here is our process for implementing PGP for your contact form:

  1. First, you generate a PGP Key Pair (private/public keys) for your form (in your browser, or you can provide your own keys if you wish)
  2. Your private key is then encrypted with a passphrase (in your browser using 256-bit AES)
  3. Your public key and encrypted private key are then transmitted to us for storage
  4. When someone uses your contact form, their message is encrypted to your public key (in their browser)
  5. When you log in to your dashboard, you will then "unlock" your private key with your passphrase to enable decryption of your messages (in your browser)

About your Private Key

The most important aspect of using PGP is keeping your private key safe, secure and in your control. Since FnContact is a web application, we need to store your private key on our servers so that we can send it back to you when you log in. However, because your private key is encrypted with a passphrase before being initially transmitted to us, we have no way to unlock it and therefore no way to decrypt your messages. Only you can decrypt your messages.
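
The five-step process and the private-key storage model described above, as an added example that is not FnContact's code: Node's built-in `crypto` module (RSA-OAEP plus AES-256-GCM) stands in for KBPGP.js and the OpenPGP message format, and all function names are hypothetical.

```javascript
// Added example: Node's built-in crypto stands in for KBPGP.js / OpenPGP.
const crypto = require("node:crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Steps 1-2 (owner's browser): generate the key pair and encrypt the private
// key under the passphrase before anything leaves the client.
function createFormKeys(passphrase) {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase },
  }); // Step 3: this { publicKey, privateKey } pair is all the server stores.
}

// Step 4 (visitor's browser): hybrid-encrypt the message to the public key.
function encryptMessage(publicKey, text) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const aes = crypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const body = Buffer.concat([aes.update(text, "utf8"), aes.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey),
    iv, body, tag: aes.getAuthTag(),
  };
}

// Step 5 (owner's browser): the passphrase unlocks the private key locally.
function decryptMessage(encryptedPrivateKey, passphrase, msg) {
  const sessionKey = crypto.privateDecrypt(
    { key: encryptedPrivateKey, passphrase, ...OAEP }, msg.wrappedKey);
  const aes = crypto.createDecipheriv("aes-256-gcm", sessionKey, msg.iv);
  aes.setAuthTag(msg.tag); // GCM rejects a tampered ciphertext in final()
  return Buffer.concat([aes.update(msg.body), aes.final()]).toString("utf8");
}

// The server's view: it holds the stored keys and the ciphertext, but
// decryption only succeeds if its passphrase guess is correct.
function serverCanDecrypt(stored, msg, guess) {
  try { decryptMessage(stored.privateKey, guess, msg); return true; }
  catch { return false; }
}
```

Because the server holds the passphrase-encrypted private key, the strength of the passphrase is what protects that key against offline guessing.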

To see how we generate PGP key pairs in your browser, check out our PGP Key Pair Generator.

Questions?

If you have questions, concerns or would like more information about our PGP implementation, please contact us.

© Copyright 2014-2017 fnContact.com