CipherMail email encryption gateway

The most configurable encryption gateway on the market, available in community open-source and commercial edition.

how it works

Simplify your email encryption experience

CipherMail email encryption gateway supports all the four major encryption standards: S/MIME, PGP, PDF encrypted email and TLS.

S/MIME and PGP use public key encryption (PKI) for encryption and signing. PDF encryption can be used as a lightweight alternative to S/MIME and PGP. The only requirement is a PDF reader for the recipient.

The CipherMail gateway automatically detects which encryption standard is supported by the recipient.

For example if an email is sent to four recipients and each recipient supports a different encryption method, the email is encrypted with four different methods.

The sender does not have to think about the capabilities of the recipients, the gateway will automatically handle this for you.

Compatible with all email systems

Compatible with any SMTP based email service like Microsoft Exchange and cloud based providers like O365, Google Workspace etc.

Flexible policy setup

Settings can be specified at gateway, domain and user level. The system can be extended to support company specfic rules.

Digital signing

By signing an email, a recipient can validate the identity of the sender. This helps against email spoofing and phishing. The signature also prevents the email from being modified without detection.


Supports all email encryption standards

CipherMail email encryption gateway supports all the main email encryption standards: S/MIME, PGP, PDF encrypted email and TLS.


S/MIME is the most widely used email encryption and digitally signing standard.

Especially in corporate and governmental organizations.

S/MIME is based on Public Key Infrastructure (PKI). Most email clients, like Outlook, support S/MIME out of the box.

The CipherMail gateway can be configured to automatically encrypt and sign email with S/MIME.


PGP is one of the oldest email encryption and digital signing standard.

PGP is similar to S/MIME and works with public and secret keys.

The gateway supports PGP/MIME and PGP/INLINE.

PDF encryption

PDF encryption is a lightweight alternative to S/MIME or PGP.

With the PDF encryption module, the complete email, including all attachments, is converted into a password-protected PDF.

The password-protected PDF is then sent to the recipient. The recipient can open the PDF using a standard PDF reader.


The main difference between TLS and S/MIME or PGP is that TLS only encrypts the communication channel and not the email itself.

With TLS, if the email is stored on a mail server, it will be stored in plain text.

With full message encryption like S/MIME or PGP, the email itself will be encrypted. It is advised to combine S/MIME and PGP with TLS.


Packed with useful features

CipherMail email encryption gateway supports all four encryption standards: S/MIME, PGP, PDF encrypted email and TLS.

Open source design

The open source CipherMail Core modules are shared between the community edition and the commercial edition. The source code can be downloaded from

Hardware Security Module (HSM)

For additional security, keys can be securely generated and stored on a tamperproof hardware Security Module (HSM).

Data Leak Prevention

The built-in data leak prevention module can be configured to filter credit card numbers, bank account numbers, excessive amounts of email addresses or other personal information from emails.

Easy setup

Can be installed as a virtual appliance for VMware or Hyper-V. Installation packages are available for Ubuntu, Debian, Red Hat/CentOS and OpenSUSE.

Built-in Certificate Authority (CA)

Built-in CA can be used to issue X.509 certificates for internal and external users. The gateway can utilize external CA servers like for example EJBCA, GlobalSign, Sectigo etc.

Domain to domain encryption

The gateway supports S/MIME and PGP domain to domain encryption making encryption with your business partners completely transparent.