Security requirements and recommendations for OpenPGP keys
We recommend you avoid using the following OpenPGP keys with Proton Mail:
- RSA keys shorter than 2048 bits
- ECC keys using a Brainpool curve or secp256k1 (as opposed to Curve25519 or a NIST curve): It is unclear if these keys will be standardized for use with OpenPGP. These curves also are not implemented in constant time in the OpenPGP libraries that we use, so they may be less secure than other keys.
- ElGamal and DSA keys: These algorithms are not implemented in constant time in the OpenPGP libraries that we use, so they may be less secure than other keys. Additionally, they are not implemented natively on the web platform, and are therefore much slower than RSA and ECC.
If you want to import new keys to Proton Mail, you cannot use these types of keys.
For users who have previously imported these keys, Proton Mail will show a warning in Settings under “Encryption & keys”. We recommend that you mark these keys as obsolete and generate a new key.