Mailfence’s OpenPGP keystore gives full control over key management

Mailfence secure and private email service comes with an easy to use integrated keystore that supports wide range of functionalities for managing OpenPGP keys. In this blogpost we highlight those OpenPGP keystore functionalities along with use-cases. Whether you use Mailfence’s own end-to-end encryption and/or digital signature feature or not, you can use Mailfence as a userfriendly web-based keystore.  Why? Because Mailfence is completely inter-operable and give users full control over their OpenPGP keys!

Generate a keypair

openpgp keystore: generate keypair

  • Generate a strong keypair (4096-bit length by-default) – encrypted with your passphrase.
  • It will be associated with the ‘chosen’ Email address and the provided Name will become your UID.
  • Multiple keypairs can be generated for one single email address.

Export your generated keypair

openpgp keystore: export keypair

  • Export your Mailfence keypair (with default sub-id) in .asc format and use it with any other OpenPGP compliant solution.

View your keypair details

openpgp keystore: view keypair details

  • At any time you can view keys and note down important details:
    • First/Last name with associated key ID’s.
    • Creation date/expiration date.
    • KeyID and Fingerprint.

Access your keypair from any device

  • Set a passphrase to protect your keys (with our zero-knowledge encryption framework): all encryption/decryption processes occurs in your device browser.
  • Import and export your keypairs securely in our OpenPGP keystore via our web-interface and access them from any device.

Modify your keypair expiration date

openpgp keystore: modify expiration date

  • Change your keypair expiration date.  This can be done whether it’s still valid or expired.
  • Set your keypair to ‘not expire’.

Modify your private-key passphrase

openpgp keystore: modify private key passphrase

  • Modify your passphrase at any point in time.  Choose a strong password!

Generate a revocation certificate

openpgp keystore: generate revocation certificate

  • Generate a revocation certificate right after generating your keypair or at any time after keypair generation.
  • Save it in your Mailfence documents or download it to your device.

Revoke your keypair

openpgp keystore: revoke keypair

  • Revoke your keypair directly and publish your revocation certificate on public key servers.
  • You can also revoke it without publishing the revocation certificate on public key servers.

Manage multiple keypairs

openpgp keystore: manage multiple keypairsopenpgp keystore: manage multiple keypairs

  • Import/generate multiple keypairs and use them simultaneously for encryption and digital signing.
  • You can even have multiple keypairs associated with the same email ID.

Direct connection with public key servers

  • Publish your public key on public PGP public key servers.

  – Note: this is a ‘one-way process’.  It includes publishing your Mailfence account, email address, first and last name or any other associated UID.  Be careful, since it cannot be reversed.  You will NOT be able to unpublish your public key from public key servers, nor modify your personal data.

– Publish your public key updates (expiration date, revocation, …).

openpgp keystore: connection with public keyservers

openpgp keystore: connection with public keyservers– Import other OpenPGP public keys directly from public key servers and check for updates. You can also download them to your device.

Send your public key with digitally signed email

openpgp keystore: send public key via signed email

  • Send your public key via email attachment and digitally sign this email. This will allow your recipients to validate that you are indeed the claimed owner of your keypair.

Verify the authenticity of public keys

openpgp keystore: verify public keys

            – Verify the public key fingerprint (taken via side-channels such as phone, meeting in person, …) with existing public keys in your keystore.

An OpenPGP keystore that gives you real freedom

Finally, you can use all those OpenPGP keystore features without actually using Mailfence’s own OpenPGP based E2EE and Digital Signature features. Use Mailfence as a user-friendly web-based OpenPGP keystore.  Simply create an account and import your existing OpenPGP keypair or generate one using our keystore. We give absolute freedom to our users in managing OpenPGP keys. Also we do not restrict our users in our own digital island i.e. inter-operability and full reversibility (you can export your encrypted keypair and data anytime).

Thanks to Mailfence, you do not have to deal anymore with techy command-line tools or commands to manage OpenPGP keys. Gone are the buggy platform dependent GUI’s and stand-alone add-ons/plugins. Mailfence took on the challenge to offer key management in an easy to use web interface. We believe that ‘Privacy is a right, not a feature’ –  secure and private email should be in reach of everyone!

Also check:

Get your secure email!

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team


Spread the word !

M Salman Nadeem

Information Security Analyst - Security Team | Mailfence

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *