Encryption

Sparrow lets you send and receive encrypted emails without installing any extra software. Two encryption standards are supported: PGP (via Sequoia) and S/MIME (via OpenSSL).

What encryption does

When you encrypt an email, only the intended recipient can read it. Even if someone intercepts the message, they see scrambled text. Encryption also lets you digitally sign messages to prove they came from you.

PGP encryption

PGP is the most popular email encryption standard. Sparrow uses the Sequoia OpenPGP library for all PGP operations.

Sending encrypted emails

  1. Compose a new message
  2. Click the lock icon in the toolbar
  3. Sparrow encrypts the message using the recipient's public key
  4. Only they can read it

You can also sign, encrypt, or sign-and-encrypt in a single operation. Encrypted output is armored (ASCII-safe).

Receiving encrypted emails

When someone sends you an encrypted email, Sparrow automatically decrypts it using your private key. You'll see a lock icon on the message indicating it was encrypted. Signed messages are verified automatically.

Managing your keys

  • Generate a key pair — Sparrow creates a signing subkey and a transport encryption subkey for you
  • Import existing keys — paste or import armored PGP keys in Settings > Encryption
  • Export your public key — share with contacts so they can send you encrypted messages
  • Export your private key — for backup (handle with care)
  • Key list — view all your keys with fingerprint, email, name, and creation date

Keys are stored as individual .pgp files, organized by fingerprint.

S/MIME encryption

S/MIME uses X.509 certificates, often provided by your employer or a certificate authority. Sparrow uses OpenSSL for S/MIME operations with AES-256-CBC encryption.

Setting up S/MIME

  1. Get a certificate file (.p12 or .pfx) from your organization or a provider
  2. Import it in Settings > Encryption > S/MIME (you'll need the certificate password)
  3. Sparrow uses it automatically when sending to recipients who support S/MIME

Certificate details

After importing, you can view certificate info: subject, issuer, email address, validity dates, SHA-256 fingerprint, and serial number.

Connection security

All connections between Sparrow and your email servers are encrypted with TLS. IMAP uses port 993 (implicit TLS), SMTP uses port 465 (TLS) or 587 (STARTTLS). Your emails are never transmitted as plain text.

Privacy by default

  • No data collection — Sparrow doesn't track what you do, ever
  • Remote images blocked — images in emails (sometimes used for tracking) are blocked by default. You can allow them for specific senders you trust
  • Local storage — all your email data is stored on your computer, not in anyone's cloud
  • Secure credential storage — passwords and tokens are kept in your OS keyring