ProtonMail is arguably the easiest way to send end-to-end encrypted emails. But encryption only works by default with other ProtonMail users. The company is adding full PGP support so that you can send and receive encrypted emails with people who use other apps and services.
ProtonMail is pretty much like iMessage or WhatsApp, but for email. All communications between two users are seamlessly encrypted. It’s transparent for the end user as you don’t need to manage encryption keys yourself.
But encrypted emails have been around for longer than ProtonMail. OpenPGP-compliant apps let you encrypt and digitally sign emails before sending them, even if your recipient isn’t using the same app. On the recipient’s side, you can check the sender’s signature and decrypt the message.
But PGP requires that both senders and recipients know how to use the standard. There are many extensions and plugins to use PGP in email apps. And now, ProtonMail lets you manage PGP communications directly in its service.
ProtonMail was already using PGP in the background. But now, the service is exposing those features to advanced users. You can import PGP public keys for your contacts and export your own key to share it with others. Encryption and decryption is then fully automated.
In order to make that possible, ProtonMail is launching an API to fetch public key encryption keys from ProtonMail users. Many users put their PGP key on their Twitter profile or website. But if you already know the ProtonMail email address of your recipient, you can get it from your browser directly (
Finally, exposing public keys also enables a new feature — address verification. If a server gets compromised or there’s a Man-in-the-Middle attack, a person could send an email pretending to be you but with a completely different set of public and private keys.
If you’re handling highly sensitive information, you can now manually verify the address of a specific contact. For instance, if you’re meeting with a contact in person, this person can show you their public key so that you can check it against your inbox. If those two keys are identical, you can choose to trust this key for future communications.
This is an overkill for your vacation photos, but Edward Snowden would love this kind of feature. ProtonMail is keeping basic encryption features accessible while giving more control to power users. This is a great way to get started and learn more about PGP, public and private keys as well as best practices.