By default Proton Mail distributes all the necessary cryptographic keys needed for communicating between users. This ensures that any Proton Mail user can seamlessly encrypt messages to any other Proton Mail user, with no possibility of data being intercepted.
This approach makes sure everything is encrypted, but it puts trust in our servers to distribute the right keys. If you prefer, you can select which key to use when sending emails to a trusted contact. This is also know as key pinning.
How to choose a key to use for sending
1. Sign in to mail.proton.me(new window) , go to Contacts, and select the contact you wish to enable key pinning for.
2. Go to Email settings (gear icon).
3. Go to Show advanced PGP settings.
4. You can now view all public keys the server has for this user. To use a key when sending emails to this contact, you must first trust the key. To do this, click on dropdown menu in the Actions column next to the key you wish to use →Trust.
5. You can now use the trusted key for sending emails to your contact. Click on dropdown menu in the Actions column next to the key you trust →Use for sending.
The key will now change its Status to being your Primary key.
Digital signature verification
Trusted keys are also used for digital signature verification(new window) to verify the identity of the user. This makes sure each message received from that user was sent by that user and not by a third party.
You can check if the user’s identity is verified by looking at in the From field of emails sent to you. Is the email is PGP-signed but verification has failed, you will see a green or blue warning icon
What will happen if you reset your password?
Your trusted keys are protected by a digital signature(new window). This allows our apps to detect illegal modifications to them. This signature is verified using your private keys. A consequence of this is that your contacts will fail to verify if you reset your password, and thus lose access to your original private keys.
If the digital signature for keys you trust becomes invalid, it might mean that someone has modified them or that you’ve recently reset your password.
If you try to send a message to a recipient you have trusted keys for, but the verification fails, you will be asked if you want to re-sign the keys. You can re-sign the keys manually by saving the message as a draft.
What will happen if the contact resets their password?
In case the contacts resets their password, the trusted keys might become inaccessible for that user. Therefore, you can’t send the contact an email using the pinned keys. In that case, before being able to send an email to that user you asked if you want to pin their new primary key.