Mailfence’s OpenPGP Keystore gives full control over key management
Mailfence’s secure and private email service comes with an easy-to-use integrated keystore that supports a wide range of functionality for managing OpenPGP keys. In this blog post we highlight those OpenPGP keystore features along with their use cases. Whether or not you use Mailfence’s own end-to-end encryption and/or digital signature features, you can use Mailfence as a user-friendly web-based keystore. Why? Because Mailfence is completely interoperable and gives users full control over their OpenPGP keys!
Generate a keypair
- Generate a strong keypair (4096-bit length by default) – encrypted with your passphrase.
- It will be associated with the ‘chosen’ Email address and the provided Name will become your UID.
- Multiple keypairs can be generated for one single email address.
Learn how to generate an OpenPGP key in our dedicated support.
Export your generated keypair
- Export your Mailfence keypair (with default sub-id) in .asc format and use it with any other OpenPGP compliant solution.
Learn how to export your generated keypair(s) in our support.
View your keypair details
- At any time you can view keys and note down important details:
  - First/Last name with associated key IDs.
  - Creation date/expiration date.
  - KeyID and Fingerprint.
Access your keypair from any device
- Set a passphrase to protect your keys (with our zero-knowledge encryption framework): all encryption/decryption processes occur in your device’s browser.
- Import and export your keypairs securely in our OpenPGP keystore via our web-interface and access them from any device.
Modify your keypair expiration date
- Change your keypair expiration date. This can be done whether it’s still valid or expired.
- Set your keypair to ‘not expire’.
Modify your private-key passphrase
- Modify your passphrase at any point in time. Choose a strong password!
Generate a revocation certificate
- Generate a revocation certificate right after generating your keypair or at any time after keypair generation.
- Save it in your Mailfence documents or download it to your device.
Learn how to generate a revocation certificate.
Revoke your keypair
- Revoke your keypair directly and publish your revocation certificate on public key servers.
- You can also revoke it without publishing the revocation certificate on public key servers.
Read this Knowledge base article to quickly learn how to revoke your keypair.
Manage multiple keypairs
- Import/generate multiple keypairs and use them simultaneously for encryption and digital signing.
- You can even have multiple keypairs associated with the same email ID.
Direct connection with public key servers
- Publish your public key on public OpenPGP key servers.
  - Note: this is a ‘one-way process’. It includes publishing your Mailfence account, email address, first and last name or any other associated UID. Be careful, since it cannot be reversed. You will NOT be able to unpublish your public key from public key servers, nor modify your personal data.
- Publish your public key updates (expiration date, revocation, …).
- Import other OpenPGP public keys directly from public key servers and check for updates. You can also download them to your device.
Send your public key with digitally signed email
- Send your public key via email attachment and digitally sign this email. This will allow your recipients to validate that you are indeed the claimed owner of your keypair.
Check out this short Knowledge base article to send an OpenPGP encrypted email.
Verify the authenticity of public keys
- Verify the public key fingerprint (obtained over a separate channel such as phone, meeting in person, …) against the existing public keys in your keystore.
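The fingerprint check above, as an added example that is not Mailfence’s code: it shows how a version-4 OpenPGP fingerprint and key ID are derived from the public-key packet (RFC 4880) and how to compare a stored fingerprint with one received by phone or in person. It assumes v4 RSA keys; the function names and the sample key material are constructed for illustration.

```python
import hashlib
import hmac
import struct

def mpi(x: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")

def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Version-4 RSA public-key packet body: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length, and the packet body (RFC 4880, 12.2)."""
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def key_id(fingerprint: str) -> str:
    """A v4 key ID is the low-order 64 bits (last 16 hex digits) of the fingerprint."""
    return fingerprint[-16:]

def normalise(fp: str) -> str:
    """Strip spaces and colons; insist on a full 160-bit fingerprint, not a key ID."""
    cleaned = "".join(ch for ch in fp if not ch.isspace() and ch != ":").upper()
    if len(cleaned) != 40 or any(ch not in "0123456789ABCDEF" for ch in cleaned):
        raise ValueError("expected a full 40-hex-digit v4 fingerprint")
    return cleaned

def fingerprints_match(stored: str, out_of_band: str) -> bool:
    """Compare two fingerprints after normalising how they were written down."""
    return hmac.compare_digest(normalise(stored), normalise(out_of_band))

# Constructed sample values (not a usable RSA key).
SAMPLE_BODY = rsa_public_key_body(1500000000, (1 << 2047) | 0x10001, 65537)

if __name__ == "__main__":
    fp = v4_fingerprint(SAMPLE_BODY)
    read_aloud = " ".join(fp[i:i + 4] for i in range(0, 40, 4)).lower()
    print("fingerprint:", fp)
    print("key ID:     ", key_id(fp))
    print("match:      ", fingerprints_match(fp, read_aloud))
```

Because the creation time is hashed together with the key material, the same RSA numbers with a different creation date yield a different fingerprint, and the comparison deliberately rejects a bare key ID in place of the full fingerprint.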
An OpenPGP keystore that gives you real freedom
Finally, you can use all those OpenPGP keystore features without actually using Mailfence’s own OpenPGP-based E2EE and digital signature features. Use Mailfence as a user-friendly web-based OpenPGP keystore. Simply create an account and import your existing OpenPGP keypair or generate one using our keystore. We give absolute freedom to our users in managing OpenPGP keys. We also do not confine our users to our own digital island: we offer interoperability and full reversibility (you can export your encrypted keypair and data anytime).
Thanks to Mailfence, you no longer have to deal with techy command-line tools or commands to manage OpenPGP keys. Gone are the buggy platform-dependent GUIs and stand-alone add-ons/plugins. Mailfence took on the challenge to offer key management in an easy-to-use web interface. We believe that ‘Privacy is a right, not a feature’ – secure and private email should be within reach of everyone!
- Secure email: Why end-to-end encryption is at the heart of it
- OpenPGP encryption best practices, OpenPGP digital signature best practices
- The Mailfence SSL/TLS certificate
– Mailfence Team
Salman works as an Information security analyst for Mailfence. His areas of interest include cryptography, security architecture and design, access control and operations security. You can follow him on LinkedIn @mohammadsalmannadeem