cryptovision GreenShield

Encryption and digital signature with approval up to VS-NfD and NATO/EU-restricted


Convenient, authorized, secure: GreenShield software protects emails and files from unauthorized access and verifies the sender beyond doubt. GreenShield supports authorities and industry in complying with regulations for protecting information that must be kept secret. The German Federal Office for Information Security (BSI) has approved GreenShield for the transmission and processing of classified information up to classification level VS-NfD.

Today, companies and public authorities are exposed to numerous cyber attacks. Those who want to ensure that information and operations are protected from unauthorized disclosure must secure digital communications. This is especially true for government agencies and their industry partners, who are subject to their respective confidentiality regulations. GreenShield implements end-to-end encryption based on both the S/MIME and the OpenPGP standard in a user-friendly and straightforward manner.


As an add-in for Microsoft Outlook, HCL Notes, Windows, and Ubuntu, GreenShield integrates seamlessly with the user’s email program or operating system and is extremely easy to use. An integrated PKCS#11 module and PKI client simplify key management and recovery mechanisms. GreenShield offers central configuration and supports all common smartcards and tokens.

Data security
  • End-to-end encryption
  • Approved for VS-NfD, NATO-restricted and EU-restricted
Focus on VS customer requirements
  • File and email security
  • Signature and verification
  • Encryption and decryption
  • Asymmetric and symmetric algorithms
  • Smart card, soft token or password
  • Chiasmus replacement depending on customer needs
  • S/MIME and OpenPGP support
High user-friendliness
  • No change to the usual way of working: seamless integration as an add-in in Microsoft Outlook and HCL (IBM) Notes
  • Little user training required
  • Intuitive operation
  • Integrated online help
  • One-click helpdesk export
  • Support of S/MIME and OpenPGP standards
  • Compatible with GnuPG and all S/MIME-capable clients
  • Available for MS Outlook & HCL (IBM) Notes
  • Supports all smart cards that are common in VS environments
Central administration
  • Central control of certificates and trust states
  • Individual configuration on system/admin/user level possible
  • Easy installation
Flexible smartcard support
  • Crypto software “Made in Germany”
  • > 20 years of development and certification expertise
  • Dedicated development and consulting team
  • Extensive project experience in the public sector
  • Roadmap and support guarantee
Extensive support and implementation services
  • In-house user training
  • Innovative user support system
  • Unlimited first and second level support possible
  • Guaranteed SLAs for third-level support
  • Multi-tenant ticket system*
  • Integration support for test environments, going into production and much more
  • Support in creating operational and security policies
Proven standards and crypto algorithms
  • S/MIME
  • OpenPGP
  • X.509 certificates and revocation lists
  • PKCS#1, PKCS#10, PKCS#11 and PKCS#12
  • RSA, Diffie-Hellman, DSA, SHA-2, AES, Triple-DES and other crypto algorithms

* for larger operators

Product Sheet

Data Sheet (Mail)

Data Sheet (File)

Application examples (German)

File encryption
(Chiasmus replacement)

Symmetric file encryption
Symmetric file decryption
Asymmetric file encryption
Asymmetric file decryption

E-mail encryption

E-mail signature and encryption
Receive encrypted mail with invalid signature
Receive encrypted and signed mail

Frequently Asked Questions

Can classified information be exchanged digitally?
Yes, information with VS classification up to and including NfD (for official use only) can be exchanged in encrypted form. The data can be shared by e-mail or stored on a data carrier. In any case, the VSA (classified information directive) or the secrecy manual (for industries subject to secrecy) must be observed. In addition, only tools approved by the Federal Office for Information Security (BSI) may be used for encryption.
Where can I get the certificates?
The certificates for the so-called “approved operation mode” must fulfil certain security criteria (see VSA). Industry partners handling classified information can obtain these certificates e.g. via D-Trust GmbH. Ministries and other official agencies receive their certificates e.g. via the “Informationsverbund Berlin-Bonn (IVBB)”, operated by the “Bundesanstalt für den Digitalfunk der Behörden und Organisationen mit Sicherheitsaufgaben (BDBOS)”, or via their own sub-CA of the V-PKI (Bundeswehr).
How can GreenShield be licensed?
There are different licence models (user licence, company licence, etc.), about which we will be happy to inform you. Please use the form at the bottom of this page to contact us. We look forward to hearing from you!
Can GreenShield be used on mobile devices?
Mails protected, sent or received with GreenShield can be processed on mobile devices. This does not require GreenShield on the mobile device, as interoperability with common S/MIME-capable mobile mail clients such as Apple Mail on iOS/iPadOS, Outlook mobile and others is ensured.
Does GreenShield have a backdoor?
No, GreenShield does not have a backdoor but offers seamless end-to-end encryption. Data can only be decrypted by the recipients selected during encryption, using their private keys. If access to these keys is not (or no longer) possible, the protected data cannot be decrypted in any other way.
Why GreenShield and not gateway encryption?
Unlike gateway-based encryption, data is protected ‘end-to-end’ with GreenShield. This means that internal attackers, for example, have no way of gaining access to unprotected emails on an Exchange server, as could be the case with a gateway solution. With GreenShield, data is encrypted on the sender’s client and only decrypted again on the recipient’s client.
Does my communication partner need GreenShield?
No, GreenShield is interoperable with common S/MIME and OpenPGP-capable email clients, both for desktop and mobile applications. This is ensured by conformance to these standards.
However, certain convenient functions, such as a simplified process for verifying the identity of a communication partner who has sent a new certificate, are only possible if both communication partners use GreenShield.
Are smart cards required to use GreenShield?
No, GreenShield can be used with or without a smartcard. As an alternative to the classic smartcard, GreenShield supports so-called soft tokens, which are stored in a secure store on the file system. Virtual smartcards, such as the SCinterface VSC, can also be used. For larger environments, a remote key store such as the Keymaster may also be suitable.

Do you have any further questions?

Do not hesitate to contact us.

PQC ready

The innovative extension for cryptovision GreenShield

It enables PQC and composite signatures, as well as PQC encryption with CRYSTALS-Dilithium and CRYSTALS-Kyber.

Would you like to find out more? Do not hesitate to contact us.
