When you send an encrypted email with Proton Mail, your message is automatically protected with PGP encryption. What is PGP? This article explains the tech behind our security promise.
PGP stands for Pretty Good Privacy, but the name is an ironic understatement. In fact, PGP is the most widely used email encryption system in the world. When you send messages using PGP encryption, no one can intercept and read your message in transit. PGP has been thoroughly field tested over its decades of use, its few vulnerabilities are well understood, and it has broad compatibility with other encryption clients. For these reasons, we use PGP as the backbone of our security architecture.
- What PGP is
- How PGP works
- How you can use PGP to protect your communications
What is PGP?
PGP is a cryptographic method that lets people communicate privately online. When you send a message using PGP, the message is converted into unreadable ciphertext on your device before it passes over the internet. Only the recipient has the key to convert the text back into the readable message on their device.
PGP also authenticates the identity of the sender and verifies that the message was not tampered with in transit.
Before PGP, your internet provider, your email provider, hackers, or the government could all theoretically read your messages. PGP was developed in the 1990s to allow email and other types of messages to be exchanged privately.
Today, PGP has been standardized into OpenPGP, enabling anyone to write PGP software that is compatible and interoperable with other platforms that use PGP.
PGP and Proton Mail
Historically, PGP was difficult to use, requiring additional software applications on top of your email provider or client. You also would have to manually generate encryption keys and exchange them with your contacts.
With Proton Mail, PGP is built in and runs automatically and invisibly. When you compose an email to another Proton Mail user and click send, the message encryption and signature are applied automatically. You don’t have to do anything or need any specialized technical knowledge to encrypt your email with PGP.
Proton Mail makes PGP encryption easy, convenient, and accessible to everyone.
How does PGP work?
PGP uses a combination of symmetric key encryption (i.e., a single-use session key which encrypts and decrypts the message) and public key encryption (i.e., the keys unique to the recipient encrypt and decrypt the session key).
The below diagram shows how PGP encryption works.
For this article, we’ll stick with the high-level concepts. If you’re interested in the mathematics behind encryption, you can find (somewhat simplified) explainers that digest those topics.
The first thing PGP does is generate a random session key. This key is an enormous number that is used to encrypt and decrypt the contents of the message. Only someone who knows the session key can read the message, and it is much too large to guess. This session key is also never used again for other messages.
Next, the session key is encrypted using the recipient’s public key. The public key is unique to each person and meant to be shared. Since it doesn’t change, your public key is like an email address. It is tied to you, and anyone can use it to send you an encrypted message.
Each person’s public key corresponds to their private key, which is secret. In PGP, when the recipient receives an encrypted message, they decrypt the session key using their private key. The plaintext session key then decrypts the message.
Why use two methods of encryption?
PGP takes the extra step of encrypting the message and the session key because public-key cryptography is much slower than symmetric cryptography, especially for large messages. It would take a lot of time and computing power to encrypt and decrypt large emails or files directly using the public key. Instead, public-key cryptography is only used to encrypt the session key, so it doesn’t take very long or use much computing power at all.
Using symmetric cryptography without public-key cryptography would be less convenient, because you would need to somehow share the session key with the recipient, and to do so in plaintext would not be secure. If you shared your session key in plaintext, anyone who intercepted it would be able to read it and then decrypt the entire message.
Sharing the session key via another encrypted channel, or in person, would be impractical for your online communications. Therefore, PGP combines the efficiency of symmetric encryption and the convenience of public key encryption.
There are two other aspects of PGP to note. The first is the digital signature. A digital signature proves to the recipient that an attacker has not manipulated the message or the sender, and can therefore be trusted.
PGP does this by creating a unique number (the digital signature) using a combination of the sender’s private key and a mathematical redux (known as a message digest) of the plaintext message. If either the private key or the message is altered, the digital signature is invalid.
Trusting the public keys
Digital signatures help mitigate sophisticated attacks, but how can a sender know that the public key they’re using belongs to the person they think it does? After all, the server could easily give a bogus public key to the sender.
To solve this problem, we introduced Address Verification, which allows you to share your public key and digitally sign the public keys of others that you have personally verified. These trusted public keys are then securely stored in your encrypted contacts.
How secure is PGP?
PGP is a battle-tested standard, and we can be virtually certain that even intelligence agencies like the NSA cannot break its encryption. (PGP was the encryption method of choice for Edward Snowden when he leaked classified documents to Glenn Greenwald.)
While there have been security bugs with certain implementations of PGP, such as the infamous Efail vulnerability, PGP itself is very secure. Proton Mail has not been affected by any known vulnerabilities.
Like most other information security systems, the biggest weakness is the user. Often the simplest and most effective attacks are the least high-tech, as this comic illustrates. Phishing remains the most common kind of cyberattack, and PGP cannot protect you if your device or accounts are compromised. (Check out these email safety tips, and the password managers we recommend.)
How to use PGP encryption
PGP is notoriously complicated. Most people who aren’t tech savvy would never bother to learn how to use PGP, while the people who do know how to use it often don’t, because it’s too tedious. While there are programs for Thunderbird, Outlook, and Apple Mail that enable PGP encryption, these are not practical solutions for everyday emails.
However, Proton Mail solves this problem by making PGP encryption automatic and built-in for all emails sent between Proton Mail accounts. You can also easily encrypt emails to non-Proton Mail users.
Anyone can create a free Proton Mail account in a minute or two and immediately start sending PGP emails. Proton Mail can also offer a high level of privacy because we don’t require any identifying information to create an account.
Proton Mail also offers full PGP support, allowing advanced users to send and receive PGP-encrypted emails from non-Proton Mail users right in their mailbox. For traditional PGP users, this is by far the simplest way to communicate with other PGP users while still having the convenience of Proton Mail. Follow the link to learn how to use Proton Mail as your PGP client.
As new encryption standards gain popularity, we will test and implement the strongest security features for Proton Mail. We will also continue to adapt to new cyber threats.
We recently upgraded to elliptic curve cryptography, which maximizes security and efficiency, and we commission independent security audits to ensure that all our apps meet the highest standards of security possible.
With the support of our community, we’re building a safer internet upon its time-tested foundations.
Pretty Good Privacy FAQ
PGP in full form is Pretty Good Privacy. While the name sounds like it means you are settling for less-than-amazing privacy, it’s actually incredibly strong. Phil Zimmermann (the developer of PGP and the man who named it) was inspired by the grocery store Ralph’s Pretty Good Grocery in Garrison Keillor’s stories about a fictional town Lake Wobegon.
OpenPGP (short for open-source PGP) is the standard that allows companies to make and distribute PGP-compatible products, like Proton Mail. OpenPGP is the free and open source version of the PGP standard.
OpenPGP created a free environment for PGP encryption tools to thrive and compete with each other.
PGP uses three types of keys. Your encrypted one-use session key, your personal private key (which should never be shared with anyone), and your public key. These three keys are used to encrypt your emails and prevent anyone from intercepting and reading them.
Your session key is used to encrypt your message, while the public and private key pairs are used to encrypt and decrypt the session key.