Can I share a key between Mailvelope and PGPony?

Yes. In Mailvelope, open the key manager, select your key → Export → ASCII armored (and tick "include secret key"). Save the .asc file. Transfer to your phone (AirDrop on iOS, cloud sync on Android), open in PGPony. Same fingerprint, same identity in both.

Does Mailvelope work on mobile browsers?

No. Mailvelope is a browser extension, and the major mobile browsers (Safari on iOS, Chrome on Android) do not support the extension model Mailvelope needs. That's the gap PGPony fills.

Is Mailvelope open source?

Yes — Mailvelope is open source under AGPLv3. The browser extension and key management code are all auditable.

Does PGPony work in a desktop browser like Mailvelope does?

No, and intentionally so. PGPony is a mobile-native app. For desktop browser PGP, Mailvelope is the right tool. Pair them: Mailvelope on the laptop browser, PGPony on the phone, same key on both.

Which one is better for Gmail?

On desktop, Mailvelope sits directly inside the Gmail web interface — type a draft, click the Mailvelope icon, encrypt, send. PGPony handles the same task on mobile but through a copy/paste flow (open PGPony, encrypt, paste into Gmail app). Mailvelope wins for desktop-Gmail; PGPony wins for everything else.

Does Mailvelope support OpenPGP v6 (RFC 9580)?

As of writing, Mailvelope still targets OpenPGP v4 (RFC 4880) as the main key format. PGPony imports v6 keys and decrypts v6 messages today.

Can I encrypt files in Mailvelope?

Mailvelope supports file encryption through its dashboard (separate from the email integration). PGPony supports file encryption via the iOS Files app and Android storage access framework. Both work; Mailvelope's flow is browser-driven, PGPony's is OS-level.

// pgpony vs mailvelope

PGPony vs Mailvelope.

Mailvelope is the best free open-source OpenPGP option for desktop webmail — a browser extension that sits inside Gmail, Outlook web, and any IMAP webmail. PGPony is the same standard, but for the phone. They\'re complements, not competitors.

// the short version

Use Mailvelope on your laptop browser. Use PGPony on your phone. Export your key from one, import to the other, and the same identity works in both. There is no contest here — they cover different surfaces.

At a glance.

	PGPony	Mailvelope
Platform	iOS 17.6+, Android 8.0+	Chrome, Firefox, Edge browser extension
Mobile	Native iOS + Android apps	No mobile browser support
Desktop	Mobile only	Yes — any desktop browser
Price	Free	Free
License	Proprietary; uses audited open crypto	AGPLv3 (open source)
Key generation	Ed25519 + Cv25519, RSA	RSA + ECC (ECC default in recent versions)
Webmail integration	No (would require browser)	Gmail, Outlook web, Yahoo, GMX, Web.de, more
OpenPGP v6 (RFC 9580)	Import, decrypt, verify	v4 only
QR code key exchange	Yes	No
Biometric unlock	Face ID / Touch ID / fingerprint	Passphrase only
WKD lookup	Yes	Yes
File encryption	iOS Files / Android SAF	Dashboard interface
Best for	Mobile use, on-the-go encryption	Desktop webmail (especially Gmail)

Honest tradeoffs.

Where Mailvelope wins

It lives inside webmail. Open Gmail in the browser, hit compose, type your message, click the Mailvelope icon, encrypt in place. No app switching, no copy/paste. This UX cannot be replicated on mobile because mobile browsers don\'t support browser extensions.
Truly open source under AGPLv3. Every line of the encryption and UI layer is auditable. PGPony uses audited open libraries but the integration and UI are proprietary.
Familiar email recipients. Mailvelope detects PGP-encrypted content in your inbox automatically and offers to decrypt inline. Reading an encrypted email feels almost identical to reading any other email.
Works on the desktop you already have. Install once in Chrome / Firefox / Edge, set up your key, you\'re running. No new app to learn.
Cross-platform via the browser. Same Mailvelope on Linux, Windows, macOS, ChromeOS — wherever your browser is.

Where PGPony wins

It works on the phone. Mailvelope cannot. Period. Mobile browsers don\'t expose the extension API Mailvelope needs, so reading encrypted email or composing encrypted replies on your phone requires a different tool. PGPony is that tool.
OpenPGP v6 import support today. PGPony reads RFC 9580 keys; Mailvelope is v4-only as of writing.
QR key exchange. At meetups, conferences, in-person handoffs — scan a QR code to import a public key. Mailvelope has no analog (a browser extension can\'t easily access a camera mid-compose).
Biometric unlock. Face ID before opening the app, optional second prompt per decryption. Mailvelope uses passphrase prompts since browser extensions don\'t have OS-level biometric primitives.
Channel-independent. PGPony encrypts text and files for any channel — SMS, Slack, Signal, file transfers, code review comments. Mailvelope is webmail-centric.
Modern key defaults. Generate a key in PGPony and you get Ed25519 + Curve25519 — modern, fast, small. Mailvelope ECC defaults exist but the UX often nudges toward RSA still.

The recommended setup.

If you spend time in both a desktop browser and on a phone, the cleanest workflow is:

Generate your key once — on whichever platform you\'re on first. Mailvelope and PGPony both produce standard OpenPGP keys; either is fine as the origin.
Export the secret key as ASCII armored. In Mailvelope: Options → Key Management → select key → Export → "Display public and private keys". In PGPony: Keyring → tap key → Export → include secret key.
Transfer carefully. Treat the .asc file like a password. AirDrop, USB transfer, or an encrypted volume during transit. Delete intermediate copies.
Import on the other side. Same fingerprint, same UIDs. Both apps now manage the same identity.
Use them in their lanes. Mailvelope when you\'re at a desktop browser. PGPony when you\'re not. No daily syncing — your contacts\' keys stay in whichever app you imported them into, but you can WKD-lookup the same recipient in both apps independently when needed.

The technical bits.

Mailvelope is built on OpenPGP.js, the canonical JavaScript implementation of OpenPGP. PGPony uses Bouncy Castle on Android and a Swift implementation on iOS, both validated against GnuPG\'s reference. All three (OpenPGP.js, Bouncy Castle PGP, PGPony\'s iOS code) produce interoperable output: a message encrypted in Mailvelope is decrypted byte-perfect by PGPony, and vice versa.

On the key side, the same applies. A key generated in Mailvelope can be imported into PGPony with the same fingerprint, subkey structure, and UIDs intact. Going the other direction is identical — there\'s no PGPony-specific format leaking into the keys it produces.

The verdict.

Choose Mailvelope if You\'re primarily on a desktop browser, using Gmail / Outlook web / similar webmail, and you want PGP that lives inside that browser experience. It\'s the best free open-source option for this exact use case.
Choose PGPony if You need PGP on your phone. There is no Mailvelope option for mobile because mobile browsers don\'t support the extension model. You also want OpenPGP v6 import, QR key exchange, or biometric unlock — none of which Mailvelope offers.
Use both if You use both a desktop browser and a phone — which is most people. Same key on both. No conflict, no duplication, no choice required.

Try PGPony

Free. No accounts. No tracking. Works with everything that speaks OpenPGP.

Download on the App Store

Get it on Google Play