OpenPGP vs. S/MIME - What's the difference?

eclipso Mail Europe supports both leading email encryption standards: OpenPGP and S/MIME. Both offer end-to-end encryption but differ in functionality, costs, and use cases. This article helps you make the right choice.


Info: You can use both standards in parallel! Choose depending on your communication partner: OpenPGP for individuals and privacy enthusiasts, S/MIME for business communication and enterprises.
 

  • Core Differences at a Glance

    Property | OpenPGP | S/MIME
    Standard | RFC 4880 (Open Source) | RFC 8551 (X.509 Certificates)
    Cost at eclipso | FREE (even freemail!) | ⚠️ Certificate approx. €50/year (external)
    Certificate Authority | ❌ No CA needed (self-signed) | ✅ CA required (e.g., DigiCert, D-Trust)
    Trust Model | Web of Trust (decentralized) | PKI (Public Key Infrastructure, centralized)
    Setup Duration | 60 seconds (setup wizard) | ⚠️ ~30 minutes (buy + import certificate)
    Prevalence Individuals | ✅ High (Thunderbird, K-9 Mail) | ❌ Low (mostly only in enterprises)
    Prevalence Enterprises | ⚠️ Medium | ✅ Very high (standard in companies)
    Client Support | ✅ Thunderbird, Apple Mail, K-9 Mail | ✅ Outlook, Apple Mail, Thunderbird
    eclipso Auto-Import | ✅ Yes (from signed emails) | ✅ Yes (from signed emails)
    Legal Validity in DE | ✅ Yes (qualified certificate possible) | ✅ Yes (often with eIDAS certificate)
    Recommendation | Individuals, Privacy | Business, Enterprises
  • What is OpenPGP?

    • Philosophy: Decentralized, open source, no dependency on certificate authorities
    • How it works: You create a key pair yourself (private + public) without external validation
    • Trust: "Web of Trust" - you decide yourself which keys you trust
    • Cost: 100% free - even for freemail users (1 key free)
    • Ideal for:
      • Individuals with privacy awareness
      • Journalists and activists (whistleblower communication)
      • Open source projects
      • Anyone who doesn't want to pay certificate costs
    • eclipso advantages:
      • Native integration in webmail (no browser extension needed!)
      • Automatic key exchange with signed emails
      • Thunderbird compatibility (trust levels, protected headers)
      • Only provider worldwide with freemail PGP!
  • What is S/MIME?

    • Philosophy: Central, established in enterprises, trust based on certificate authorities
    • How it works: You buy a certificate from a CA (e.g., D-Trust, DigiCert) that confirms your identity
    • Trust: PKI (Public Key Infrastructure) - trust is based on CA hierarchy
    • Cost: Approx. €50/year for personal certificate (at D-Trust, DigiCert, etc.)
    • Ideal for:
      • Business communication (B2B)
      • Companies with PKI infrastructure
      • Legally secure communication (qualified certificates per eIDAS)
      • Emails with authorities and banks
    • eclipso support:
      • Full S/MIME support in all plans
      • Certificate upload via webmail or email client
      • Automatic import of certificates from signed emails
      • Compatible with Outlook, Apple Mail, Thunderbird
  • When to use which standard?

    • Use OpenPGP when...
      • You communicate with individuals (friends, family, like-minded people)
      • You don't want to pay certificate costs
      • You want maximum control over your keys (zero-knowledge)
      • Your communication partner uses Thunderbird, K-9 Mail, or Apple Mail
      • You are a journalist, activist, or whistleblower contact
      • You use freemail (only provider worldwide with free PGP!)
    • Use S/MIME when...
      • You work in a company that requires S/MIME
      • Your business partners use S/MIME (e.g., lawyers, banks, authorities)
      • You need legally valid signatures (qualified certificates)
      • Your company operates a PKI infrastructure
      • You use Microsoft Outlook as main client
    • Use BOTH in parallel when...
      • You send encrypted emails both privately and professionally
      • Your contacts are mixed (individuals + business partners)
      • You want maximum flexibility
      • Tip: eclipso automatically chooses the right standard based on your settings!
  • Technical Differences

    • Encryption methods:
      • OpenPGP: RSA 2048/4096 Bit + AES-256 (hybrid method)
      • S/MIME: RSA 2048/4096 Bit + AES-256 (X.509 certificates)
      • Result: Both are technically equally secure!
    • Signature algorithm:
      • OpenPGP: RSA-SHA256 or RSA-SHA512
      • S/MIME: RSA-SHA256 or ECDSA-SHA384
    • Key management:
      • OpenPGP: Keyserver optional (eclipso auto-import makes them unnecessary!)
      • S/MIME: Certificate server of CA (automatic)
    • Validity:
      • OpenPGP: Unlimited (until revocation or expiration date)
      • S/MIME: 1-3 years (certificate must be renewed)
    • Revocation:
      • OpenPGP: Revocation certificate (self-created)
      • S/MIME: CRL (Certificate Revocation List) of CA
  • Interoperability: Can I communicate between OpenPGP and S/MIME?

    • Answer: NO - OpenPGP and S/MIME are incompatible standards.
    • Example scenario:
      • You use OpenPGP, your business partner uses S/MIME
      • Encrypted communication is not possible
      • Solution: One of you must add the other standard
    • eclipso advantage: You can use both standards in parallel!
      • OpenPGP key for individuals
      • S/MIME certificate for business communication
      • eclipso automatically chooses the appropriate standard based on recipient
    • Recommendation: Set up both if you have mixed contacts
  • Cost Comparison

    Standard | Setup | Annual Costs | Costs over 5 years
    OpenPGP | €0 | €0 | €0
    S/MIME (personal cert.) | ~€50 (first year) | €50 (certificate renewal) | €250
    S/MIME (eIDAS qualified) | ~€150 (first year) | €150 (certificate renewal) | €750

    Conclusion: OpenPGP saves up to €750 over 5 years (with qualified S/MIME certificates)!
  • Frequently Asked Questions

    • Q: Can I use both standards simultaneously?
      A: Yes! eclipso supports OpenPGP AND S/MIME in parallel. Choose based on recipient.
    • Q: Is OpenPGP less secure than S/MIME?
      A: No, technically both are equally secure (both use RSA + AES-256). The difference is in the trust model.
    • Q: Can I communicate with ProtonMail users?
      A: Yes, ProtonMail also supports OpenPGP. Sign your emails and key exchange works automatically!
    • Q: Do I need keyservers for OpenPGP?
      A: No! eclipso's auto-import makes keyservers unnecessary (works like Posteo/Thunderbird).
    • Q: Can I use my existing S/MIME certificate with eclipso?
      A: Yes, simply upload it in settings (.p12/.pfx file) and you're done!
    • Q: What happens when my S/MIME certificate expires?
      A: You must buy and import a new certificate. OpenPGP keys don't have this problem (valid indefinitely).
    • Q: Which standard is more privacy-friendly?
      A: OpenPGP - no CA has access to your keys, true zero-knowledge principle.
  • Important Notes

    • You don't have to choose - use both standards in parallel!
    • OpenPGP is free and sufficient for 90% of individuals
    • S/MIME is mainly worthwhile for business communication
    • eclipso automatically chooses the right standard (configurable in settings)
    • Both standards offer equal security - the difference is organizational, not technical
    • eclipso is the only provider worldwide offering OpenPGP FREE for freemail!
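
The incompatibility described under "Interoperability" is visible on the wire: each standard wraps a message in its own MIME types. The following added example (not eclipso's code; `classify_protection`, `SAMPLES` and the sample messages are constructed for illustration) reads the outer headers defined by RFC 3156 and RFC 8551 to tell which standard protects a message, and goes slightly beyond the article by also recognizing inline ASCII-armored PGP.

```python
from email import message_from_bytes, policy
# Outer MIME markers from RFC 3156 (OpenPGP/MIME) and RFC 8551 (S/MIME).
MULTIPART = {
    ("multipart/encrypted", "application/pgp-encrypted"): ("OpenPGP", "encrypted"),
    ("multipart/signed", "application/pgp-signature"): ("OpenPGP", "signed"),
    ("multipart/signed", "application/pkcs7-signature"): ("S/MIME", "signed"),
    ("multipart/signed", "application/x-pkcs7-signature"): ("S/MIME", "signed"),
}
SMIME_BODY = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
SMIME_TYPES = {"enveloped-data": "encrypted", "authenveloped-data": "encrypted",
               "signed-data": "signed"}
INLINE_PGP = {b"-----BEGIN PGP MESSAGE-----": "encrypted",
              b"-----BEGIN PGP SIGNED MESSAGE-----": "signed"}

def classify_protection(raw: bytes) -> tuple[str, str]:
    """Return (standard, operation) for the outermost protection layer."""
    msg = message_from_bytes(raw, policy=policy.default)
    ctype = msg.get_content_type()
    protocol = str(msg.get_param("protocol", "")).lower()
    if (ctype, protocol) in MULTIPART:
        return MULTIPART[(ctype, protocol)]
    if ctype in SMIME_BODY:
        smime_type = str(msg.get_param("smime-type", "")).lower()
        return ("S/MIME", SMIME_TYPES.get(smime_type, "unknown"))
    # Inline PGP has no MIME marker: look for ASCII armor in text parts.
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True) or b""
            for armor, operation in INLINE_PGP.items():
                if armor in body:
                    return ("OpenPGP", operation)
    return ("none", "none")

def _sample(content_type: str, body: str = "placeholder") -> bytes:
    return ("From: alice@example.org\nTo: bob@example.org\nMIME-Version: 1.0\n"
            f"Content-Type: {content_type}\n\n{body}\n").encode()

SAMPLES = {  # constructed inputs with placeholder bodies, not real ciphertext
    "pgp_mime": _sample('multipart/encrypted; boundary="b"; protocol="application/pgp-encrypted"',
                        "--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n--b--"),
    "smime_enc": _sample("application/pkcs7-mime; smime-type=enveloped-data"),
    "smime_sig": _sample('multipart/signed; boundary="b"; protocol="application/pkcs7-signature"',
                         "--b\nContent-Type: text/plain\n\nhi\n--b--"),
    "inline_pgp": _sample("text/plain", "-----BEGIN PGP MESSAGE-----\n(placeholder)"),
    "plain": _sample("text/plain", "hello"),
}

if __name__ == "__main__":
    print({name: classify_protection(raw) for name, raw in SAMPLES.items()})
```

The classifier only inspects the envelope; it does not verify signatures or decrypt anything, so a "signed" result says which standard a client needs, not that the signature is valid.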
 
