Securing your ticket communication

The actual discussion on  possible unwanted readers of your mails shows the need to encrypt emails. OTRS has the possibility to sign and encrypt via S/MIME and PGP/GnuPG.

For enabling PGP only a few steps are needed. So this post shows how to setup PGP on your system.

Step 1 – Install GnPG

Step 2 – Create a key:

Enter the following command in your shell and follow the instructions

gpg --gen-key

Step 3 – Export Key:

gpg --export -a > public.asc
gpg --export-secret-key -a > private.asc

Step 4 – Activate PGP in sysconfig:


Step 5 – Upload Keys:

PGP_Key_Management_-_Admin_-_OTRSYou have to upload the public and the private key. Please ensure that you are using the Key ID of the secret key within Crypt::PGP for assigning the password! You also should be sure that the .gnupg directory was created and is assigned to the webserver user (thats why it is suggested to run the webserver with the OTRS user!) You can also have a look at the documentation for more hints.

Step 6 – Upload Customer Public Keys:

For encryption of emails to customers and verifying signatures OTRS needs the public key of your customer users stored. They can be uploaded via Customer Interface or the customer management screen in agent interface.

Preferences_-_OTRSStep 7 – Work with signed and encrypted mails

Now we can send and receive signed and encrypted mails

2013121056000081_-_Zoom_-_Ticket_-_OTRS-2Reply encrypted:

2013121056000081_-_Compose_-_Ticket_-_OTRS-4Verify changed mails:

2013121056000099_-_Zoom_-_Ticket_-_OTRS-2Happy ((encrypting))


This entry was posted in OTRS Administration, OTRS Best Practice, OTRS Consulting and tagged , by Jens. Bookmark the permalink.

About Jens

As a manager of technical support for many years, Jens is very experienced in project management and system support Structural planning and implementation of data processing centres, as well as planning and controlling of networks, administration of UNIX/ LINUX – systems, and development of Unix – Shell scripts for system maintenance complete the skill profile of Jens. As a technical oriented senior consultant he knows how to integrate technological know how in his consulting approach and at the same time being transparent and understandable. He’s been working as a trainer for long years, this knowledge about group dynamics and learning processes make his trainings successful, vivid and goal-oriented.

3 thoughts on “Securing your ticket communication

  1. Is it possible to have
    1) sign each outgoing mail signed by default (autoresponder also)
    2) encrypt each outgoing mail if recipient’s key is in the OTRS system already

  2. Hi Peter,

    actually not. But I would be happy to discuss your needs and send you a ballpark for the needed development. Please send me a mail to with some description of the wanted feature.

Leave a Reply

Your email address will not be published. Required fields are marked *