Proton

How to check encryption status using lock icons

Lesen
7 Min.

All messages in Proton Mail are labeled with a lock icon that tells you their encryption status. In this article, we explain what they mean.

A lock icon is shown next to every email in your inbox and custom folders

The encryption status of sent and received emails shows you how the message was encrypted when it was sent and can’t be changed.

Proton Mail shows the encryption lock icon in the from field

Lock icons are also shown in the Composer window and may change depending on how the email is sent. For example, if you password-protect emails sent outside of Proton, the lock will change from Black (or Green (open) if a PGP signature is attached) to Blue.

Proton Mail shows the encryption lock icon in the to field(neues Fenster)

The encryption lock icon is also displayed in the Proton Mail mobile apps for Android and iOS.

The Proton Mail mobile app shows the encryption lock icon

What the lock icons mean

The main indicator of a message’s encryption status is the color of the lock icon. Additional information is provided by a small symbol inside the lock. Please note that encryption only applies to message contents and attachments. Message headers and metadata are not encrypted so that Proton Mail can be interoperable with PGP.

Black lock

A black lock means that a message is stored with zero-access encryption. This means nobody other than you can read this email in your mailbox. Not even Proton Mail can decrypt this message. However, a copy of this email may be stored insecurely on the sender or recipient’s email server.

Black encryption lock(neues Fenster)Standard — The email is safely stored on Proton Mail’s servers using zero-access encryption. We never have access to your message contents.

Blue lock

You will see a blue lock on emails sent between Proton Mail email addresses. These messages are stored with zero-access encryption, but they also feature automatic end-to-end encryption (E2EE) for an extra layer of security. 

This means the messages have been encrypted by the sender on their device and can only be decrypted by the intended recipient on their device. No one else, including Proton Mail, can access E2EE messages.

Blue encryption lockStandard — End-to-end encrypted message
Blue encryption lock with a check markCheckmark — End-to-end encrypted message with verified recipient/sender. This lock is used for the contacts for whom you enabled the optional Address Verification feature. Address verification and end-to-end encryption allow for a much higher level of security than just E2EE alone.
Blue encryption lock with an exclamation markWarning — This lock can appear if you enabled the optional Address Verification feature. It means the message could not be verified using the sender’s trusted key. Contact the sender to confirm the authenticity of the message.
It can also mean that the contact’s key or signature is insecure. In this case, please ask them to update their key or software.

Here are some examples of things that could cause a warning to be shown:

  • The use of an insecure key (for example, an RSA-1024 key or a key authenticated using SHA1)
  • The sender changed their key and signed the email with a new key that you haven’t trusted yet
  • You reset your password, and the contact signature (containing the trusted key) couldn’t be verified

Green lock (closed)

Proton Mail is interoperable with PGP, allowing you to send and receive E2EE emails with people who don’t use Proton Mail. Messages to people who have correctly set up PGP will be end-to-end encrypted and show a closed green lock. This includes people using WKD keys

Green encryption lockStandard – PGP end-to-end encrypted message
Green encryption lock with a penPencil — PGP end-to-end encrypted and signed message. A PGP signature guarantees that the sender is genuine and that the message hasn’t been tampered with.
Green encryption lock with a check markCheckmark — PGP end-to-end encrypted message with verified recipient/sender. This is the most secure way to email someone who doesn’t use Proton Mail.
Green encryption lock with an exclamation mark

Warning — PGP end-to-end encrypted message, but the sender’s email or key couldn’t be verified. If you see this warning, you may wish to contact the sender to confirm the authenticity of the message.

It can also mean that the contact’s key or signature is insecure. In this case, please ask them to update their key or software.

Green lock (open)

An open green lock shows that a message is not end-to-end encrypted using PGP, but has been digitally signed with a PGP signature. These emails, like all emails, are stored on our servers using zero-access encryption.

Green and open encryption lock with a penPencil — PGP-signed message. A PGP signature guarantees that the sender is genuine and that the message hasn’t been tampered with.
Green and open encryption lockCheckmark — PGP-signed message from a verified sender
Green encryption lock with an exclamation markWarning — PGP-signed message, but the message could not be verified using the sender’s trusted key. If you see this warning, you may wish to contact the sender to confirm the authenticity of the message.
It can also mean that the contact’s key or signature is insecure. In this case, please ask them to update their key or software.

Hast du nicht gefunden, wonach du gesucht hast?

Hilfe erhalten
Allgemeiner Kontaktcontact@proton.me
Kontakt für Medienmedia@proton.me
Kontakt für Rechtlicheslegal@proton.me
Kontakt für Partnerschaftenpartners@proton.me