Starting with the latest release of Proton Mail on web (v3.14), iOS and Android (v1.9), and the latest versions of the Proton Mail IMAP/SMTP Bridge(nouvelle fenêtre), Proton Mail now supports Address Verification, along with full PGP interoperability and support. In this article, we’ll discuss these two new features in detail, and how they can dramatically improve email security and privacy.
Address Verification
When Proton Mail first launched in 2014, our goal was to make email encryption ubiquitous by making it easy enough for anybody to use. This is no easy feat(nouvelle fenêtre), and that’s probably why it had never been done before. Our guiding philosophy is that the most secure systems in the world don’t actually benefit society if nobody can use them, and because of this, we made a number of design decisions for the sake of better usability.
One of these decisions was to make encryption key management automatic and invisible to the user. While this made it possible for millions of people around the world to start using encrypted email without any understanding of what an encryption key is, the resulting architecture required a certain level of trust in Proton Mail.
While a certain level of trust is always necessary when you use online services, our goal is to minimize the amount of trust required so that a compromise of Proton Mail doesn’t lead to a compromise of user communications. This is the philosophy behind our use of end-to-end encryption(nouvelle fenêtre) and zero-access encryption(nouvelle fenêtre), and it is also the philosophy behind Address Verification(nouvelle fenêtre).
Prior to the introduction of Address Verification, if Proton Mail was compromised, it would be possible to compromise user communications by sending to the user a fake public encryption key. This could cause email communications to be encrypted in a way that an attacker, holding the corresponding fake private key, could intercept and decrypt the messages (this is also known as a Man-in-the Middle attack, or MITM), despite the fact that the encryption takes place client side.
Address Verification provides an elegant solution to this problem. We consider this to be an advanced security feature and probably not necessary for the casual user, but as there are journalists and activists using Proton Mail for highly sensitive communications, we have made adding Address Verification a priority.
How Address Verification works
Address Verification works by leveraging the Encrypted Contacts(nouvelle fenêtre) feature that we released previously. Starting with the latest version of Proton Mail, when you receive a message from a Proton Mail contact, you now have the option (in the Proton Mail web app) to Trust Public Keys for this contact. Doing so saves the public key for this contact into the digitally signed contacts, so it is not possible to tamper with the public encryption key once it has been trusted.
This means that when sending emails to this contact, it is no longer possible for a malicious third party (even Proton Mail) to trick you into using a malicious public key that is different from the one you have trusted. This allows for a much higher level of security between two parties than is possible with any other encrypted email service. You can learn more about using Address Verification(nouvelle fenêtre) in our knowledge base article.
PGP Support
At the same time as Address Verification, we are also launching full support for PGP email encryption. As some of you may know, Proton Mail’s cryptography is already based upon PGP, and we maintain one of the world’s most widely used open source PGP libraries(nouvelle fenêtre). PGP support is also an advanced feature that we don’t expect most users to use. If you need secure email, the easiest and most secure way to get it is still to get both you and your contact on Proton Mail, or if you are an enterprise, to migrate your business to Proton Mail(nouvelle fenêtre).
However, for the many out there who still use PGP, the launch of full PGP support will make your life a lot easier. First, any Proton Mail user can now send PGP encrypted emails to non-Proton Mail users by importing the PGP public keys of those contacts. Second, it is also possible to receive PGP email at your Proton Mail account from any other PGP user in the world. You can now export your public key and share it with them.
Therefore, your Proton Mail account can in fact fully replace your existing PGP client. Instead of sharing your existing PGP public key, you can now share the PGP public key associated with your Proton Mail account and receive PGP encrypted emails directly in your Proton Mail account.
If you are an existing PGP user and you would like to keep your existing custom email address (e.g. john@mydomain.com), we’ve got you covered there, too. It is possible to move your email hosting to Proton Mail and import your existing PGP keys for your address, so you don’t need to share new keys and a new email address with your contacts.
If you are using PGP for sensitive purposes, this might actually be preferable to continuing to use your existing PGP client. For one, PGP is fully integrated into Proton Mail, encryption/decryption is fully automated, and the new Address Verification feature is used to protect you against MITM attacks. More importantly though, Proton Mail is not susceptible to the eFail class of vulnerabilities(nouvelle fenêtre), which have impacted many PGP clients, and our PGP implementations are being actively maintained.
You can find more details about using PGP with Proton Mail here(nouvelle fenêtre).
Introducing Proton Mail’s public key server
Finally, we are formally launching a public key server to make key discovery easier than ever. If your contact is already using Proton Mail, then key discovery is automatic (and you can use Address Verification to make it even more secure if you want). But if a non-Proton Mail user (like a PGP user) wants to email you securely at your Proton Mail account, they need a way to discover your public encryption key. If they don’t get it from your public profile or website, they are generally out of luck.
Our public key server solves this problem by providing a centralized place to look up the public key of any Proton Mail address (and non-Proton Mail addresses hosted at Proton Mail).
Our public key server can be found at hkps://mail-api.proton.me. This link is used for HKP requests and cannot be accessed with a browser. However, if you want to download the public key of a Proton Mail user, copy and paste the following link into your browser — https://mail-api.proton.me/pks/lookup?op=get&search=username@proton.me — and replace the “username@proton.me” with the address you’re looking for.
Concluding thoughts on open standards and federation
Today, Proton Mail is the world’s most widely used email encryption system(nouvelle fenêtre), and for most of our users the addition of Address Verification and PGP support will not change how you use Proton Mail. In particular, setting up PGP (generating encryption keys, sharing them, and getting your contacts to do the same) is simply too complicated, and it is far easier for most people to simply create a Proton Mail account and benefit from end-to-end encryption and zero-access encryption without worrying about details like key management.
Still, launching PGP support is important to us. The beauty of email is that it is federated, meaning that anybody can implement it. It is not controlled by any single entity, it is not centralized, and there is not a single point of failure. While this does constrain email in many ways, it has also made email the most widespread and most successful communication system ever devised.
PGP, because it is built on top of email, is therefore also a federated encryption system. Unlike other encrypted communications systems, such as Signal or Telegram, PGP doesn’t belong to anybody, there is no single central server, and you aren’t forced to use one service over another. We believe encrypted communications should be open and not a walled garden. Proton Mail is now interoperable with practically ANY other past, present, or future email system that supports the OpenPGP standard, and our implementation of this standard is also itself open source(nouvelle fenêtre).
We still have a long way to go before we can make privacy accessible to everyone, and in the coming months and years we will be releasing many more features and products to make this possible. If you would like to support our mission, you can always upgrade to a paid plan(nouvelle fenêtre).
Thank you for your continued support!
Sign up and get a free secure email account from Proton Mail.
We also provide a free VPN service(nouvelle fenêtre) to protect your privacy.
