Introducing Proton Mail Contacts – the world’s first encrypted contacts manager

Today we’re launching a new contacts manager, the first one in the world that includes both zero access encryption and digital signature verification.

Starting with Version 3.12 of Proton Mail, we have rolled out a brand new version of Contacts for Proton Mail. The new Proton Mail Contacts was in development for over a year and is an essential next step in our broader security roadmap.

In addition to adding a much more powerful contacts functionality to Proton Mail, our new contacts manager provides the world’s first tool for securely managing your contacts.

What is an Encrypted Contacts Manager?

ProtonMail’s new contact manager uses zero-access encryption in order to protect the details of your contacts. Zero-access encryption means that the protected contact fields are encrypted in such a way that only you are able to decrypt and read them, not even Proton Mail can read them.

In our new encrypted contacts manager, the protected contact details are shown within an area with a lock icon.

ProtonMail-Encrypted-Contacts-lock-icon

The addition of encrypted contact fields brings many security benefits. For example, if you are a journalist with a confidential source, it is very important to protect the phone number or address of that source. Using the notes field in contacts, you can also add other information about the contact that will be protected with zero-access encryption. In order to do email filtering, we do not use zero-access encryption for email addresses – doing so also does not significantly improve privacy because as an email service, we necessarily must know who you are emailing in order to deliver the message.

Digitally Signed Contacts

The new Proton Mail Contact does more than just protect contact data fields with zero-access encryption. We also utilize digital signatures to verify the integrity of contacts data. Digital signatures are used for all contact fields, including the email address itself, and are denoted by the icon.

The concept of digital signatures is technically complex, and is explained in more detail here, but in more simple terms, what digital signature verification does is provide a cryptographic guarantee that nobody (not even Proton Mail) has tampered with your contacts. Thus, you can be absolutely sure that the contacts data is precisely what you entered.

This is a big security benefit for many reasons. For example, if an attacker wanted to intercept the communications between you and a sensitive contact, one way to do it could be to secretly change the email address or phone number you have saved for that contact, such as changing john.smith@proton.me to john.snnith@proton.me, which might escape your notice. However, because Proton Mail contacts are now digitally signed, an attempt to tamper with your contacts would lead to the following error being displayed.

ProtonMail-Encrypted-Contacts-verification-failed

How does it work?

For those who are technically inclined, this section discusses how Proton Mail’s encrypted contacts manager is implemented. For each email account, we generate a new private and public key pair that is used exclusively for encrypting contacts. The private key is generated on the client side and encrypted using a derivative of your password which we don’t have access to, meaning that we can never access your contacts private key. Encrypted contact fields are encrypted with your contacts public key and therefore can only be decrypted with the corresponding private key which only you have access to. Digital signing is done by signing the data with your private key which allows the authenticity of the data to be conclusively verified on each subsequent data access. For full implementation details, it is possible to check out our source code.

What’s next?

The immediate security benefits of encrypted and digitally signed contacts are quite obvious. However, our new encrypted contacts manager also provides the foundation for a number of upcoming security enhancements that we are adding to Proton Mail in 2018. For example, our new contacts manager can also be extended to store public keys, which is an essential component for both sending PGP messages to people who don’t use Proton Mail, verifying the integrity of the keys themselves, and verifying the authenticity of received messages via digital signatures. We are working on these, and many other security enhancements, and look forward to sharing them with the Proton Mail community in the future.

In the nearer term, we will be working on also rolling out the new encrypted contacts manager to our iOS and Android encrypted email mobile applications (currently, our new contacts manager is only available on the web version of Proton Mail). For an overview of all of the features that were released in this latest version of Proton Mail, you can view the release notes here.

Best Regards,
The Proton Mail Team

You can read the encrypted contacts press release here.

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!