Frequently Asked Questions

Mailvelope Business



Specific webmail providers


About Mailvelope

What is Mailvelope and how does it work?

Mailvelope is a browser extension (in Firefox it is called an "Add-On", in Chrome an "Extension") and it expands the functionality of your web-browser. Mailvelope offers email encryption with PGP for the Firefox and Chrome browsers.

One of the advantages of Mailvelope is that you don't need to change your familiar environment to get started with encrypted communication. If you've been using a webmail provider, you can also send encrypted emails with the help of Mailvelope using the same webmail provider and the same email address.

The additional Mailvelope component is superimposed to the provider's user interface in the browser. This ensures that your sensitive information remains inaccessible to your webmail provider. Encryption and decryption are handled on your computer and your private key never leaves your computer. Thanks to this concept, your confidential emails remain encrypted on your provider's servers at all times and are only readable on your computer once you have entered your private key's password.

Which webmail providers does Mailvelope support?

Mailvelope is designed for maximum flexibility and customizability. The extension works with a variety of webmail providers and websites including Gmail, Yahoo, Outlook Live, Zoho and many more.

Since Mailvelope first became available in 2012, more and more webmail providers have tailored their services to support the Mailvelope API so that they can offer to their users easy-to-use email encryption. The integration with German webmail providers WEB.DE, GMX and Posteo is especially seamless. The providers of the "De-Mail" project, 1&1 and Deutsche Telekom are also technically adapted to Mailvelope (and its API). These providers can therefore offer a better user experience through the basic features of Mailvelope.

Users who want to use Mailvelope in conjunction with these webmail providers should learn about how to use Mailvelope directly on the help pages of the relevant provider because the integration works differently in every case.

Help pages (email encryption with PGP/Mailvelope):

Pre-configured (authorized) providers:

Other authorized providers with API support:

Additional providers and websites can always be added manually. See: How do I authorize a new domain for it to work with Mailvelope?

Can I only exchange encrypted emails with other Mailvelope users?

Because Mailvelope uses the OpenPGP standard, which is open and has been trusted as secure for many years, you can communicate not only with other Mailvelope users but with anyone who uses software compatible with the PGP standard.

Examples of compatible software:

  • Thunderbird (macOS, Windows, GNU/Linux).
  • Gpg4win for Windows, for use with Outlook for example.
  • GPGtools for macOS in conjunction with their default mail application "Mail".

Can I also use Mailvelope on mobile devices?

Using Mailvelope on mobile devices with the Android or iOS operating systems isn't possible at the moment. Mailvelope has been designed as a browser extension and mobile browsers currently have restrictions that do not allow sufficient support of the Mailvelope extension. However, several email clients do support the OpenPGP standard for sending and receiving PGP encrypted emails on Android and iOS.

At the moment these include:



You can easily export and import your keys generated and used in Mailvelope so that you can be reached with the same email address and keys on your mobile device as you would with Mailvelope on your computer. On its Help page, the webmail provider offers a detailed guide on how to set up mobile PGP encryption on an Android device with the help of the programs Squeaky Mail and PGP KeyRing.

Please remember that the use of PGP on your mobile device also carries additional security risks. In the case of high security risk, the mobile use of PGP is not recommended. This especially applies to Android devices which are often supplied very late or even not at all with current operating system updates.


My webmail provider isn't pre-configured (authorized) in Mailvelope. Can I still use Mailvelope?

Mailvelope was designed for very flexible use. If your webmail provider is not included in the list of authorized domains, it is usually still possible to activate Mailvelope on new websites. Also see the next question.

How do I authorize a new domain for it to work with Mailvelope?

As detailed under Which webmail providers does Mailvelope support?, after installation many of the most used websites and email providers will already be enabled to work with Mailvelope. With the help of the following instructions Mailvelope can be configured for use on new websites.

Load the website you want to add to the list of authorized domains. Select the Mailvelope icon to open the main menu. Select "Authorize this domain". A Mailvelope dialogue to add the new domain should open.

In most cases you can leave the fields "Status", "Domain pattern" and "API" unchanged. Once you select "OK", Mailvelope will save the entry in the list of authorized domains. There, the entry can be edited at any time. Reload the newly authorized website in order to activate Mailvelope.

How do I deauthorize a domain from working in Mailvelope?

Navigate to the list of "Authorized domains" (Main Menu -> Dashboard). Select the relevant domain entry. A dustbin icon will now appear. Select the icon and confirm the security prompt. Selecting the entry opens the menu for editing of the domain. With the "Enabled" option, you can also temporarily deactivate the website for cooperation with Mailvelope. To do this, switch the "Enabled" button to "Off" and confirm with "OK".

Can I also encrypt email attachments with Mailvelope?

Yes. Using Mailvelope's file encryption you can easily encrypt any file to send as an email attachment. In this case, the file is encrypted with the public key of the recipient in the same way as email encryption. The size of the file is currently limited to 50MB, as sending larger files is usually not supported by email providers.

Encrypting Files

Select the Mailvelope icon to the right of the browser input field to open the main menu and select "File Encryption". The first step is to enter the email address of the recipient in the input field. In the next step, reselect the files to be encrypted with "Add file" or by dragging them on the Mailvelope window. After selecting "Encrypt" the files will be encrypted for the selected recipients. You can now select the files to download them and later add them to your email as an attachment. The encrypted files can either be selected individually or together using the "Download all" button.

Attention: Encrypting with Mailvelope changes the format of the file. Your files will temporarily receive the file extension for GnuPG encrypted files (.gpg) during the encryption process. This will be undone after decryption and the file will be restored to the format it originally had.

Decrypting Files

The steps for restoring encrypted files are similar to those for encryption. First select "File Encryption" in the Mailvelope main menu and then "Decrypt" in the menu bar. In the next step the files to be decrypted are selected again with "Add file" or by dragging on the Mailvelope window. After entering your private key’s password, the decrypted files are displayed, and can now be downloaded."

How can I sign messages and what purpose does it serve?

The signing of messages guarantees the authenticity of the message and thus ensures that it actually originates from the specified sender.

By selecting the "Options" button in the Mailvelope editor (while composing a new message) you can find options for signing a message. Select the key with which you want to sign the message. The message is now first signed with the selected private key and then encrypted.

With the link "Would you like to sign all your emails?", you can navigate to the mailvelope settings to activate the signing of messages as default. To do this, simply set the check mark "Sign all outgoing messages."

You can also send your emails with only a signature. To do this you will need to choose a key for signing in the email options. Mailvelope will then create a PGP signature and will add it directly into the email text. Please note that in this case the email content will be forwarded unencrypted to the email provider.

How do I check the validity of signed messages?

If a message contains a signature and Mailvelope can determine the sender address, Mailvelope automatically checks it. The message "Digitally signed" and the corresponding signature are then displayed in the lower area of the decoded message.

What happens if my email address changes?

Your email address serves (next to your name) as the user ID of your PGP key. If your email address changes, the PGP key you are using does therefore not necessarily have to change too.

In this case you have two basic options:

  • You generate a new key for your email address: Navigate to the Keyring (Main Menu -> Keyring) and select the "Generate" button. You can now proceed as if you were setting up Mailvelope for the first time. See our documentation for the steps needed for this.
  • You add the new address to an existing key (such as your previous email address): Navigate to the keyring (Main Menu -> Keyring) and select the key pair to which you want to add your new email address. Under "Assigned User IDs" you will see all email addresses that have been assigned to this key. With "Add new" you can now add a name and an email address. If necessary, delete the user ID of your old email address. Finally, you can synchronize the new entry with the key server so that your communication partners can find you under the new address.

Is a specific feature currently being supported or are there plans for future support?

If you have any suggestions, just send an email to We will happily consider them while planning future versions.

Extended features

Is it possible to use Mailvelope just as an encryption program, independently from email?

The flexible concept of Mailvelope makes it adaptable to different usecases. It is possible to exchange PGP-encrypted files or texts, including any attachments, in means, other than email. You can save and exchange encrypted files or message texts for example on a USB stick or a memory card. This would also be a nice way of avoiding metadata. It is also possible to store messages on websites, on a cloud storage or to send them with messenger services.

In case of such use of Mailvelope go to "Main menu" -> "File encryption". As for file encryption, the "Do you also want to encrypt a text" button lets you encrypt and decrypt texts from the same page. Further instructions under: Can I also encrypt email attachments with Mailvelope?.

Why using GnuPG backend instead of OpenPGP.js?

From version 3.0 onwards, Mailvelope can also collaborate with a locally installed GnuPG application (e.g. Ggp4win or GPGTools). Select Main Menu -> Dashboard -> Options -> General) and choose your OpenPGP Preferences. For the option to be available in Mailvelope, there must be a properly installed implemention of GnuPG on your device.

Users can than choose whether they want OpenPGP.js or the locally installed GnuPG application to handle key management and encryption routines. If you are experiencing detection issues, please also read The GnuPG extension is not recognized by Mailvelope. Key management by GnuPG can increase the security of Mailvelope by protecting the private keys in case your browser gets compromised. The support of security tokens such as a smartcard is also possible.

How to use Encrypted Forms with Mailvelope?

Mailvelope provides a way for web developers to define forms in a specific format so that the data can only be read by a selected recipient. The Mailvelope Browser extension takes care of the encryption and packages the form data in a secure OpenPGP message.

A technical documentation for encrypted forms is available in Mailvelope Wiki.

What is the Web Key Directory, and how can I use it?

At the beginning of an encrypted communication with OpenPGP, the public keys of the communication partners must be exchanged. By default, Mailvelope uses the Mailvelope key-server to simplify and partially automate this initial key exchange.

Web Key Directory is a new standardized procedure, which pursues a decentralized approach for this key exchange: The keys can be requested directly from the email provider, if the latter supports this procedure. Further information can be found on GnuPG Wiki.

What is Autocrypt, and how can I use it?

At the beginning of an encrypted communication with OpenPGP, the public key of the communication partner must first be exchanged. By default, Mailvelope uses the Mailvelope key server to simplify and partially automate the key exchange.

Autocrypt is a new procedure that uses the email "headers" for this key exchange: The sender automatically includes the public keys in the email header. Further information can be found on the Autocrypt team’s website.

Organization-wide PGP keys: How to use the "additional keys" function when writing an email?

The optional possibility to encrypt a message with an additional key becomes necessary if your recipient, as is common in some companies and institutions, only has an organization-wide key that is universally valid for all mail addresses of the same domain (i.e. all employees).

Once in the Mailvelope Editor, enter the email address of your contact as usual. This will not automatically turn green, as Mailvelope cannot yet assign an individual key. Now click on "Options" in the Mailvelope editor in the lower left corner and enter the domain-wide key of your recipient organization in the field "Encrypt this email with an additional key". The message "The email will be encrypted with the alternative key entered below" will now appear under the recipient's address and confirm usage of the entered key.

Key Management

What is the 'default' key in Mailvelope?

The first key you generate with Mailvelope immediately after setup, automatically becomes your default key. In the key list, this key will therefore be marked with the label "Default". If you want to change your default key, you will find the corresponding option when you select any key pair in the key list.

How can I import a PGP key into Mailvelope?

Select "Keyring" and then "Import".

There are two options:

  • Import key as file: Choose a key file (*.asc) with keys from your drive and import it into Mailvelope.
  • Import key as text: First copy the key or keys (several keys can be imported at the same time) to the clipboard. If you select "Import key from clipboard", the keys are extracted from the texts and transferred to the local keyring. Make sure you include -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK----- in the selection.

Import public keys for your communication partners automatically:

  • Keys in emails: Mailvelope automatically recognizes public keys received in emails if your email provider offers a preview of email attachments. Keys that have been recognized by Mailvelope are marked with a closed envelope symbol. Selecting the symbol opens an import dialogue and the key is automatically added to the keyring.
  • Keys on websites: Similarly, all sites the domain of which have been authorized (to authorize: How do I authorize a new domain for it to work with Mailvelope?) are checked by Mailvelope for any PGP keys they might contain. If you want to add one or more communication partners in Mailvelope whose keys have been published on websites, first authorize the relevant domain and then import all the keys that are automatically recognized by Mailvelope on this site.

How can I export my PGP key from Mailvelope?

With the "Export" option keys can be exported and sent or saved as backups. You can use this feature in order to publish your public key or to keep a copy of a public-private key pair in a safe place. Here you will find the most common use cases in detail. If you choose to export your key using the clipboard please make sure -----BEGIN PGP PUBLIC KEY BLOCK-----and -----END PGP PUBLIC KEY BLOCK----- are being included. If you use GnuPG for key management under Mailvelope, please note the last point of this FAQ question.

Export your public key:

Select "Key Management", your default key, then the "Export" option. Choose "Public" and if requested, provide a filename. After you select "Save" your public key will be saved to your Download folder as a .asc file. This format is standardized and can be read by all PGP implementations. Alternatively you can copy your key to the clipboard from the "Key Details" window. Your public key can now be sent to your communication partner, uploaded to a key server or integrated into your website.

Save your own key pair:

Hover your mouse over your default key pair, which will be marked with the label "Default", and select it. Select the "Export" button and choose the complete key pair by selecting "All". Upon selecting "Save" the key pair will be saved to your Downloads folder as a .asc file. As an alternative, you can copy your key to the clipboard using the button below on the card. Please read the security tips under Backup.

Backup of the complete keyring:

If you have multiple keyrings, first select the correct keyring on the top right of the key managment window (you will only find this menu if you have more than one keyring). On the Key Management screen, select "Export" from the upper left corner. You can save all public keys, all private keys or the entire keyring with all keys by choosing the option "All". Input a file name. Upon selecting "Save" the keyring will be saved to your Downloads folder as a .asc file. If the saved keyring also includes private keys, please pay attention to the security tips under Backup.

Special use case: Use of the GnuPG keyring

If you use GnuPG for key management, please note that for security reasons Mailvelope only supports the export of public keys. If you want to export key pairs or private keys from GnuPG, use the functions of the respective software you use.

Can Mailvelope detect a key rotation of my communication partner ?

In the daily use of PGP it often happens that a recipient changes his keys or uses new, alternative keys for secure communication with them. To make it easier for you as a communication partner to choose the current key for your messages, Mailvelope notices when a message to you has been signed with a new, not yet used key and displays this in a message as soon as you want to decrypt the email in question. You will be asked if you want to add the new key, whose ID and fingerprint will be displayed to you, to your keyring. If you are not sure whether the key really comes from your communication partner, we recommend contacting them via another communication channel and comparing the fingerprint if necessary. You can also choose to make your choice later by clicking "Not now".

Please note: If you refuse to add the new key, there is a risk that your communication partner will not be able to open your future emails, as they will then continue to be encrypted with the previously used key.

Automatic key selection is optional

Under "Options" -> "Key Sources" in the Mailvelope settings you will find the option "Determine current key of contacts and perform key selection automatically". If the checkmark is set here (default), the last used key of your communication partner is automatically used for your further conversations. This is done by Mailvelope evaluating the last valid signature in an email to determine the contact's current key. This information is stored in Mailvelope so that it can automatically select the correct key for future emails to this contact. However, Mailvelope can only perform this process if the encrypted emails in question are sent signed.

Key Server

What is the Mailvelope key server and how can I use it?

Mailvelope provides its own key server. A key server is a freely accessible database for the public keys of the PGP users. If you send an encrypted email to a communication partner but do not know their public key, you can use the key server to search for it. Moreover, you can store your public PGP key there for others to find easily. The Mailvelope key server has the advantage that all email addresses stored on it have already been verified via email, which is a good protection against potential identity theft.

Automatic key search

Mailvelope uses the key server in the background for some services. Whenever a new key is created, Mailvelope will automatically upload the key to the key server unless you deactivate this option in the key creation dialog. Even if you enter an email address in the Mailvelope editor when sending emails, Mailvelope searches for the corresponding public key on the key server and colors the email address green or red, depending on the availability of the searched address on the server.

You can also deactivate the automatic use of the key server which is activated by default. Select "Options" -> "Key-Server" and uncheck the box "Use the Mailvelope key server".

Manual key upload or download

If you want to upload your key manually or even search for keys, you can use the web interface of the Mailvelope key server.

Upload key to server (OpenPGP key upload)

Copy the public key you want to upload to the clipboard. Make sure that your selection includes - - - - BEGIN PGP PUBLIC KEY BLOCK---- and - - - - END PGP PUBLIC KEY BLOCK----. Paste it into the input field and select "Upload".

Search for keys on the key server (OpenPGP key lookup)

Enter the email address or the key ID (a key ID makes every PGP key uniquely identifiable). For example, the key IDs for your keys can be found in Key Management in the "Key ID" column. Finally, select "Search".

Remove a key from a key server (OpenPGP key removal)

Enter the email address of the key that you want to delete and select "Delete". Be sure to enter the email address keeping case sensitivity in mind. In some cases, the associated key may not be found otherwise! Attention: When attempting to delete a key from the key server you will receive an email with a link which has to be selected in order to complete the deletion.

Mailvelope Business

How can I use Mailvelope Business as a nonprofit organization?

Our Mailvelope Nonprofit plan offers free access for up to 4 users. Mailvelope Nonprofit comes with the same features as the Mailvelope Business plan but without the enterprise support included in the Business plan.

Please note:

  • Mailvelope Nonprofit is intended for organizations that serve non-commercial purposes.
  • When registering, please specify the domain of your organization. This domain must be a publicly accessible website on which the nonprofit character of the organization is clearly visible.
  • After registration, Mailvelope Nonprofit is immediately activated. A review of the domain will take place at a later date. We reserve the right to delete registrations which do not meet our eligibility criteria.
Start registering for Mailvelope Nonprofit

Do I have to buy a license for all users in my organization?

No. The license defines the maximum number of users of a domain linked to Google Workspace. At the beginning of each month, the free licenses will be assigned to the first users who will log in. This allows for flexible allocation of the maximum number of licenses purchased each month. Therefore, you only need licenses for the number of users who will actively use Mailvelope. Should your license needs evolve, you can increase or decrease the number of users through our portal.

Why is a DPA (data processing agreement) necessary for Mailvelope Business?

Mailvelope’s end-to-end encryption is client-based and therefore, sensitive data is always encrypted before it leaves your end device. However, to provide the convenience of easy public key management, we rely on the Mailvelope Key Server. With the (optional) upload of keys to our key server, data relevant to data protection such as name and email address of people in your organization are stored on our server. The DPA ( defines the roles and responsibilities in handling this data. You can always request a signed agreement for your organization at Users of Mailvelope Business are also registered and managed on our Chargebee payment platform.

How can I cancel my subscription to Mailvelope Business? How to delete my account?

With the end of the trial phase the subscription ends automatically if no payment method is defined. An active subscription can be cancelled at any time via our portal and ends at the end of the current billing period. If you want to delete your account completely, please send us a short email to


How secure is Mailvelope?

Mailvelope provides end-to-end encryption, meaning the app ensures (within its set technical limits) that sensitive files and information can be sent from one device to another over a potentially unprotected channel such as an email.

Various threat scenarios have been tested during professional security audits: List of Mailvelope's audits.

According to analysis, Mailvelope offers a secure end-to-end encryption. However, security while using Mailvelope is dependent on how secure your device is. We therefore recommend security measures such as regular updates of your browser and operating system as well as the use of sufficiently secure passwords (see also: How do I choose a secure password for my private key?).

Where are my keys stored?

The location where Mailvelope stores its keys depends on the selection you made under Options -> General -> OpenPGP Preferences.

Default setting (OpenPGP.js)

Mailvelope stores the keys as a file in the browser's local folder, either in the Chrome user data directory or in the profile folder for Firefox. If you delete the temporary browser data, stored keys in Mailvelope will not affected. However, deleting the Mailvelope extension in Chrome or Firefox will also delete the keystore from your file system.

Key management by GnuPG

If you have selected GnuPG as your preferred backend for encryption in Options -> General -> OpenPGP Preferences, the keys will be managed by your local GnuPG program (usually GPG4Win or GPGTools).

How are private keys protected? Can anyone who has access to my computer also access my private key?

Mailvelope stores and exports private keys only in their encrypted form. The private key is therefore always password protected. All steps that require a private key (such as decrypting or signing a message) always require both components: the private key and the password. Even after exporting a private key it remains encrypted and password protected at all times.

Mailvelope guarantees a high level of security for your private keys by default. You can further increase this security by selecting GnuPG as the preferred backend for encryption under Options -> General -> OpenPGP Preferences.

Additional information:
  • The OpenPGP standard also allows private keys without a password, however, such keys are rarely used in practice. Using such keys with Mailvelope is not recommended.
  • In case an attacker ever gains access to the private key, it's ability to resist brute force attacks entirely depends on the complexity and length of the password. Please read the notes in the next section of this FAQ.
  • As an end-to-end encryption software Mailvelope must be able to rely on secure endpoints. If one of the computers on both sides is insecure (e.g. due to missing updates of the operating system or browser), encryption is also potentially at risk. In addition to the usual protective measures, physical access to your computer by third parties should also be avoided.
  • GPG uses a similar security model for private keys: The "Keyring" is not encrypted in this case, only the individual parts of the key are. Any user with local access rights can copy the private key from the file system. However, their password is required to access or use a single private key.
  • By default, the Chrome and Firefox browsers automatically send usage statistics and crash reports to Google or Firefox. These functions should be deactivated because in case of a bug it is possible that stored content, which could also include private keys, could be sent to them. We therefore recommend that you disable "Automatically send usage statistics and crash reports to Google" in Chrome settings. In Firefox you can find the corresponding option under "Privacy & Security" -> "Firefox Data Collection and Use".

How do I choose a secure password for my private key?

A strong password should be chosen to protect your data, even in the case that someone gets hold of your private key and attempts a so-called "brute force" attack. In such an attack, a variety of passwords are checked in a very short time in order to find the right one. In the end the strength of your encryption is a matter of the length of your password on one hand and on the other hand, the randomness (entropy) of your combination.

You can create a strong password by combining letters, both upper and lower case, numbers and special characters. This kind of password is usually very hard to remember. Another option would be to think of a picture or a scene which you could describe with four or five words. Written together these words could be your password. A short and fun introduction to this can be found here.

How can I create a backup of my keys?

Export the keys you want to back up following the instructions in How can I export my PGP key from Mailvelope?

If you want to secure a private key, you should note some security tips. Even if your private key is still encrypted after the export and still needs to be unlocked using your password, it should not be left unprotected on any disk.

If your security threats are high, the file should be kept on a safe offline storage. We recommend that you back up your private key on a USB drive or key (if it has added hardware or software password protection, it should be safe). Keep it in a safe place.

What do I do if I forget my password?

Unfortunately Mailvelope cannot recover your password for you. Any messages sent to you using this public key can no longer be decrypted. You will need to delete your old key (this should also be done on the Mailvelope key server if it has been uploaded). Generate a new key pair and inform your communication partners as soon as possible of the change of your public key.

When using Mailvelope in conjunction with WEB.DE and GMX, recovery of your password is possible through a so-called "recovery code". For more information about this option, please see WEB.DE and GMX: I need to enter a "recovery code". Where do I get it from? From Mailvelope?

How can I change the password for my private key?

Navigate to the Mailvelope keyring (Main menu -> Keyring). Select the key pair whose password you want to change. Select it, to see the key details. At the bottom left you see the field "Password". "Change" opens the dialog to change the password. Enter the old password, then enter and confirm the new password.

When installing the extension, I am informed that: "This extension has access to: your information on all websites, your registration cards and your browser activities." Why is this necessary?

These permissions are needed for Mailvelope to work properly for the following reasons:

  • Mailvelope must be able to search the cooperating websites for PGP encrypted messages. For this Mailvelope needs the access to the data for these websites.
  • Mailvelope is pre-configured for the most important webmail providers, but can theoretically be extended and used with any website. Since Mailvelope cannot know which providers have been added, access to all websites is necessary to ensure their functionality.
  • Without this access Mailvelope wouldn't be able to add its controls to the user interfaces of activated collaborating websites.

Because Mailvelope is open source software verified by many different websites, you can be confident that these permissions won't be abused by Mailvelope.

Specific webmail providers

WEB.DE and GMX: I need to enter a "recovery code". Where do I get it from? From Mailvelope?

GMX and WEB.DE ask their users for a recovery code if they have lost the password for their private key or if the private key itself has been lost. This is a feature that is only offered by these email providers. When you set up the email encryption function, a 26-character code is generated which should be printed so that it can be used to activate the recovery feature in case your key or password are lost.

If you still have your private PGP key and password, you can print a new recovery code here:

As there is currently no english version of WEB.DE Support available, you can use the following link for both. The process is the same:

GMX Help: Creating a New Recovery Document

If you have lost/forgotten your private key or your password and you haven't printed your recovery code, your encrypted communication cannot be recovered. The PGP function of your GMX or WEB.DE accounts will have to be restarted. This can be done neither by you nor by Mailvelope, but must instead be requested through the GMX and WEB.DE hotline:

Google requests additional permissions for the Gmail API integration of Mailvelope. What are they necessary for and how does Mailvelope handle my data?

Mailvelope will work in combination with Gmail, even without API integration. However, the connection to the Gmail API enables a much simpler use for writing emails and handling their attachments.

If you activate the option "Gmail API Integration" under Options -> Gmail API, additional Mailvelope controls will be displayed in Gmail. When using these advanced features in Gmail, Google will start an authorization dialog that will guide you through the approval process.

This gives your Mailvelope browser extension the right to deal with your emails directly via your Gmail account. At no time will the emails be used for other purposes or forwarded to third parties. Mailvelope does not receive more rights than any locally installed email application would get.

As the source code of Mailvelope is open source and publicly available, we are fully transparent about how your data is processed. In addition, the security is monitored by regular security audits. Our guidelines for the handling of data can be found in our Privacy Policy.


What can I do if it looks like Mailvelope isn't working properly?

Mailvelope has been designed as a browser extension and therefore needs an updated "software base" in order to function as intended. In the case of malfunctions, check to see if you are working with an outdated operating system or if you have to update your browser to the latest available version. If you still experience issues, you can try one of the following options:


  • First try to disable all other currently installed browser extensions, then restart Firefox. Sometimes the installed extensions affect one another.
  • Firefox offers a profile clean up feature. Please follow the instructions to refresh Firefox - reset add-ons and settings.

Google Chrome:

  • First try to disable all other currently installed extensions, then restart Chrome. Sometimes the installed extensions affect one another.
  • If you find that other extensions are interfering with Mailvelope (this rarely happens in Chrome), you could create a special user profile in which Mailvelope is the only extension installed.

What should I include in my bug report to Mailvelope?

Before you send a bug report, please always restart your browser and check if the problem persists. Often browser issues, and not Mailvelope itself, are responsible for malfunctions. If you are using an older version of your browser or operating system, please update and check is the problem persists. In case the bug persists, please send us a bug report at:

A bug report should at least contain the following informations:

  • Short description of the problem
  • Type and version of the operating system
Google Chrome
  • Browser version - input about:version in the address bar.
  • If Mailvelope does not show an error message, you may find relevant information in the logs:
  • In the browser tab in which your webmail provider is open, select + + (Windows/Linux) or + + (Mac) and add the errors marked in red to the report.
  • In addition, open the extension page by inputting chrome:extensions in the address bar.
  • Activate developer mode at the top right corner of the page.
  • Select background.html in the "Mailvelope" entry on the page.
  • A new browser window will open. Make sure the Console tab is enabled and add any errors marked in red to the bug report.
  • Browser version, see find out version.
  • If Mailvelope does not show an error message, you may find relevant information in the logs:
    • Restart your browser.
    • Try to reproduce the problem.
    • Select „Tools -> Add ons" in the Firefox main menue line. On the top of your list of extensions you will find a gear icon with the option to „Debug Add-ons". Select the „Inspect" button of the Mailvelope entry and open the „Console" tab. Add the content of the console window to your bug report.

I have received an encrypted email, but I can only see two attachments. Mailvelope doesn't offer automatic decryption.

This may be the case in the following situation: The PGP application of your communication partner has encrypted the email in PGP/MIME format and your webmail provider doesn't show a preview of the attachments by default. In this case Mailvelope cannot access the encrypted data due to technical reasons and therefore can't offer automatic decryption.


  • If this situation occurs often: It should be possible for your communication partner to switch from PGP/MIME to PGP/INLINE in future emails. This is the easiest way to fix the problem.
  • You can also decrypt both attachments manually with Mailvelope: First save the files to your computer by downloading them. Right click on the files, select "Open with" and select a simple text editor on your computer (for example, "Textedit" on macOS or "Notepad" on Windows). Now select the PGP code in the text editor and copy it to the clipboard. Make sure that you include the -----BEGIN PGP PUBLIC KEY BLOCK-----and the -----END PGP PUBLIC KEY BLOCK----- in your copy. Next, select "Encryption" in the Mailvelope main menu and then choose "Text Decryption" from the sidebar. Paste the text from the clipboard into the decryption window and confirm by selecting "Decrypt". As soon as you see the decrypted content of your email, you can copy it and use it elsewhere.

Mailvelope reports error: "No private Key found for this message. Required private key IDs:..."

This error occurs if you have received an encrypted message for which Mailvelope does not find the matching private key. If the public key your communication partner encrypted the email with does not have a matching private "counterpart" on your side, Mailvelope can't decrypt the email. If you're not familiar with PGP, we recommend reading our documentation for a short explanation of the basics of how Mailvelope works, to better understand the principle of asymmetric encryption.

There are several reasons why private keys could be missing: For example, you exchanged the public keys with your communication partner first and later forgot the password of your private key. You then simply generated a new key and deleted the old one. In this case, you must pass the corresponding new public key to your communication partner again, so that future emails to you are not accidentally encrypted with the old public key and you end up receiveing this error message.

Also your communication partner may have used an outdated public key stored on Mailvelope-(or another) key-server, which you forgot to delete after changing your keys. Always remember that anyone who has outdated public keys, can email you at any time without receiving an error message. You will not be able to open these mails, because Mailvelope doesn't have the key to decrypt them.

As of version 4.5.1, Mailvelope offers the so-called "key rotation feature" to warn your communication partners and to prompt them to add a newly generated key if you have changed it. However, in order for this process to be triggered automatically, you must send your encrypted mails signed. You can find more details under:Can Mailvelope detect a key rotation of my communication partner?

Installed GnuPG is not recognized by Mailvelope.

You have installed GnuPG and Mailvelope does not recognize the existing installation, or you cannot select GnuPG as backend for key management under Options->General. The use of GnuPG is not yet optimized for all operating systems. Further information can be found on our GitHub Wiki: Mailvelope GnuPG Integration.


How do I install Mailvelope?

The steps for installing Mailvelope in Chrome and Firefox are largely identical. They are described in the documentation.

Can I install Mailvelope on other browsers besides Chrome and Firefox?

Yes. Since there are a number of derivatives for both Chromium and the Mozilla engine, Mailvelope can run on these browsers without any issues. As this market is in constant movement, we are not able to check the functionality of Mailvelope for all available browsers. However, we can recommend the Brave-Browser, which is based on the Chromium-Engine, as it offers numerous features for privacy protection.

For Opera, an add-on is available, which allows you to install Chrome extensions under Opera. However, it was not possible to check whether this would allow Mailvelope to run on Opera without any restrictions.

Creative Commons license agreement

Our special thanks to the volunteers of for making this translation possible!

The Mailvelope Team