CipherMail Email Encryption Gateway

The most configurable encryption gateway on the market, available in community open-source and commercial editions.

how it works

Simplify your email encryption experience

CipherMail Email Encryption Gateway supports all four major encryption standards: S/MIME, PGP, PDF encrypted email and TLS.

S/MIME and PGP use public key encryption (PKI) for encryption and signing. PDF encryption can be used as a lightweight alternative to S/MIME and PGP. The only requirement for the recipient is a PDF reader.

The CipherMail Gateway automatically detects which encryption standard is supported by the recipient. For example, if an email is sent to four recipients and each recipient supports a different encryption method, the email is encrypted with four different methods.

The sender does not have to think about the capabilities of the recipients, the gateway will automatically handle this for you.

Compatible with all email systems

Compatible with any SMTP based email service like Microsoft Exchange and cloud based providers like Office 365 and Google Workspace.

Flexible policy setup

Settings can be specified at gateway, domain and user level. The system can be extended to support company-specfic security rules.

Digital signing

By signing an email, a recipient can validate the identity of the sender. This helps against email spoofing and phishing. The signature also prevents the email from being modified without detection.

Supports all email encryption standards

CipherMail Email Encryption Gateway supports all major email encryption standards: S/MIME, PGP, PDF encrypted email and TLS.


S/MIME is the most widely used email encryption and digital signature standard, especially in enterprises and governmental organizations.

S/MIME is based on Public Key Infrastructure (PKI). Most email clients, like Outlook, support S/MIME out of the box.

The CipherMail Email Encryption Gateway can be configured to automatically encrypt and sign emails with S/MIME.


PGP is one of the oldest email encryption and digital signing standards. It is similar to S/MIME but works with a web-of-trust model instead of certificates.

The gateway supports PGP/MIME and inline PGP.

PDF encryption

PDF encryption is a lightweight alternative to S/MIME and PGP.

With the PDF encryption module, the complete email, including all attachments, is converted into a password-protected PDF document. The password-protected document is then sent to the recipient. The recipient can open it using a standard PDF reader.


The main difference between TLS and S/MIME or PGP is that TLS encrypts the communication channel and not the email itself.

With TLS, if the email is stored on a mail server, it will be stored in plain text.

With full message encryption like S/MIME or PGP, the email itself will be encrypted. It is advised to combine S/MIME and PGP with TLS.

Packed with useful features

CipherMail email encryption gateway supports all major encryption standards: S/MIME, PGP, PDF encrypted email and TLS.

Open source design

The open source CipherMail Core modules are shared between the community edition and the commercial edition. The source code can be downloaded from

Hardware Security Module

For additional security, private keys can be securely generated and stored on a tamper-proof Hardware Security Module (HSM).

Data Leak Prevention

The built-in data leak prevention module can be configured to filter credit card numbers, bank account numbers, excessive amounts of email addresses or other personal information from emails.

Easy setup

The Gateway can be installed as a virtual appliance for VMware or Hyper-V. Installation packages are available for Ubuntu, Debian, Red Hat/CentOS and OpenSUSE.

Built-in Certificate Authority

The built-in certificate authority (CA) can be used to issue X.509 certificates for internal and external users. The Gateway can utilize external CAs like GlobalSign and Sectigo, and even your own EJBCA server.

Domain-to-domain encryption

The gateway supports S/MIME and PGP domain-to-domain encryption, making encryption with your business partners completely transparent.