Mailfence secure and private email service comes with an easy to use integrated keystore that supports wide range of functionalities for managing OpenPGP keys. In this blogpost we highlight those OpenPGP keystore functionalities along with use-cases. Whether you use Mailfence’s own end-to-end encryption and/or digital signature feature or not, you can use Mailfence as a userfriendly web-based keystore. Why? Because Mailfence is completely inter-operable and give users full control over their OpenPGP keys!



Generate a keypair

Generate a strong keypair (4096-bit length by-default) – encrypted with your passphrase.

It will be associated with the ‘chosen’ Email address and the provided Name will become your UID.

Multiple keypairs can be generated for one single email address.

Learn how to generate an OpenPGP key in our dedicated support.

Export your generated keypair

Export your Mailfence keypair (with default sub-id) in .asc format and use it with any other OpenPGP compliant solution.

Learn how to export your generated keypair(s) in our support

View your keypair details

At any time you can view keys and note down important details: First/Last name with associated key ID’s. Creation date/expiration date. KeyID and Fingerprint.



Access your keypair from any device

Set a passphrase to protect your keys (with our zero-knowledge encryption framework): all encryption/decryption pro cesses occurs in your device browser.



Import and export your keypairs securely in our OpenPGP keystore via our web-interface and access them from any device.

Modify your keypair expiration date

Change your keypair expiration date. This can be done whether it’s still valid or expired.

Set your keypair to ‘not expire’.

Modify your private-key passphrase

Modify your passphrase at any point in time. Choose a strong password!

Generate a revocation certificate

Generate a revocation certificate right after generating your keypair or at any time after keypair generation.

Save it in your Mailfence documents or download it to your device.

Learn how to generate a revocation certificate.

Revoke your keypair

Revoke your keypair directly and publish your revocation certificate on public key servers.

You can also revoke it without publishing the revocation certificate on public key servers.

Read this Knowledge base article to quickly learn how to revoke your Keypair

Manage multiple keypairs



Import/generate multiple keypairs and use them simultaneously for encryption and digital signing.

for encryption and digital signing. You can even have multiple keypairs associated with the same email ID.

Direct connection with public key servers

Publish your public key on public OpenPGP public key servers.

– Note: this is a ‘one-way process’. It includes publishing your Mailfence account, email address, first and last name or any other associated UID. Be careful, since it cannot be reversed. You will NOT be able to unpublish your public key from public key servers, nor modify your personal data.

– Publish your public key updates (expiration date, revocation, …).

– Import other OpenPGP public keys directly from public key servers and check for updates. You can also download them to your device.

Send your public key with digitally signed email

Send your public key via email attachment and digitally sign this email. This will allow your recipients to validate that you are indeed the claimed owner of your keypair.

Check out this short and quick Knowledge base to send an OpenPGP encrypted email

Verify the authenticity of public keys



– Verify the public key fingerprint (taken via side-channels such as phone, meeting in person, …) with existing public keys in your keystore.

An OpenPGP keystore that gives you real freedom

Finally, you can use all those OpenPGP keystore features without actually using Mailfence’s own OpenPGP based E2EE and Digital Signature features. Use Mailfence as a user-friendly web-based OpenPGP keystore. Simply create an account and import your existing OpenPGP keypair or generate one using our keystore. We give absolute freedom to our users in managing OpenPGP keys. Also we do not restrict our users in our own digital island i.e. inter-operability and full reversibility (you can export your encrypted keypair and data anytime).

Thanks to Mailfence, you do not have to deal anymore with techy command-line tools or commands to manage OpenPGP keys. Gone are the buggy platform dependent GUI’s and stand-alone add-ons/plugins. Mailfence took on the challenge to offer key management in an easy to use web interface. We believe that ‘Privacy is a right, not a feature’ – secure and private email should be in reach of everyone!

Also check:

Get your secure email

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team