Proton Drive signature management
Proton Drive uses different methods to protect your files. End-to-end encryption protects your files from being accessed by outsiders while digital signatures verify who created or uploaded a file and are proof that the file was not altered in transit.
Authenticity validation
Digital signatures allow you to be confident that a file is authentic (or, in the example for Proton Drive, they let you be confident a file was uploaded by the claimed uploader).
Proton validates your email address and the public key associated with your upload to ensure it is authentic. When you upload a file or folder, Proton signs it with your private key.
As only you can access your private key, digital signatures protect against tampering by outside parties and ensure that a malicious party cannot upload or modify a document in Proton Drive without your knowledge.
How digital signatures work in Proton Drive
- Proton Drive uses OpenPGP to create digital signatures(новое окно) of your file or folder.
- Proton Drive encrypts the file or folder you want to upload, together with the digital signature, on your device.
- When you download and decrypt the file or folder, the signature is also decrypted and verified using your key. If the signature verifies, then the file is authentic.
Invalid signatures
Although an invalid signature can potentially mean someone tampered with a file, it is more commonly caused by out-of-date Proton Drive credentials.
For example, when a file owner deletes their Proton Drive account, resets their password, or disables the email address or key used to upload a file or folder, Proton Drive can no longer validate the digital signature. Any files or folders that have not been verified will show a padlock warning label.
If we cannot establish the authenticity of the file, we provide the following warning message. If you see this warning message but you believe it was caused by an address or key change, you can download the file and re-upload it to provide a new digital signature. Otherwise, you can delete the file or contact customer support.
You can also access the details for any folder or file by hovering over the file in your drive, clicking the vertical ellipsis to open the options menu for that file, and selecting Details.
The Details pop-up window will tell you whether or not a file’s digital signature has been verified.