Open Pgp Integration
We are finalizing compatibility with the PGP standard. Hope to have it ready for 1.16 or 1.17.
I couldn't import my public key into the Perfect Privacy VPN configuration panel to receive encrypted emails. They told me the following:
I checked the key, there are various issues:
1) it contained some extra End-of-Lines, making it unreadable (I fixed
2) The key seems to contain no email address. Try importing this with
your enigmail/gpg/pgo application and you will see it is only saying
Is it related to this topic? Will that be fixed with this topic?
Where do I find the dates for the releases?
Rather than relying on public PGP servers, it would be better to (at least additionally) support RFC 7929, which is a more secure way of finding a user's public key (since people can upload spoofed data to public key servers).
ProtonMail should also publish its users' public keys in the DNS so other services can find them.
As mentioned before: integration with public pgp servers would be great. This way the public key for a recipient (outside ProtonMail) could be obtained automatically.
And vice versa: my public key on the pgp servers so others can use my key when sending me e-mails. (already done this manually getting the key from v2.protonmail.com)
Should be done at the least - as ProtonMail has already walked half of the cake (by being OpenPGP based), this should not be a priority.
Otherwise, solutions like mailfence.com or scryptmail are way better to go with.
Phillip Wilson commented
I hope Protonmail is a higher grading of encryption, not a basic AES. And I want to upgrade but I don't know enough about boot chain coding and the integers Hastings processing development to a safe place and I had £400 taken from my account today.
Crypt O commented
"Would be really really nice to be able to "at least" sign our emails to non proton-mail users."
Remi Ferrand commented
Would be really really nice to be able to "at least" sign our emails to non proton-mail users.
I'm frustrated that I don't have access to my ProtonMail secret key, and therefore can't sign a message to prove ownership of it. This is part of the protocol used by keybase.io to let people discover your public key.
With the shutdown of Lavaboom, ProtonMail becomes a prime contender for easy-to-use encrypted email. However, there are always going to be those who don't use it and instead would prefer to use PGP.
ProtonMail currently provides a PGP public key to users, and allows messages to be sent to ProtonMail users (inline PGP). However, that cannot happen without someone actually having this key.
What I think would be useful would be a checkbox in settings (likely right next to where you can get the key) to auto-attach the public key (in a non-encrypted format) to any external emails that are being sent. That way, someone will have your PGP-key and can reply with an encrypted email - if that is their preferred method - or use ProtonMail's interface - if they don't use/know PGP.
We definitely need this integration done!
Any updates with this feature? Thanks
This feature could be the true silent circle :-D
I would like to be able to use my own PGP keys with the service. That way when IMAP support is implemented, all I need to do is use a PGP compat client
Planned PGP GPG integration.
My dad uses startmail, it would be cool to securely email him
It is theoretically possible that the private key is used only while logging in, but then you would need it again if you receive a message while you are logged in, since it would be encrypted and impossible to decrypt without your decrypted private key. Thus I can assume the decrypted private key is always in the browser cache for as long as the browser session lasts.
About the encryption, I am sure Tutanota uses 2048+128 and Lavaboom 4096+256; I am not actually sure about Protonmail (maybe an Admin can answer) but it should be 4096+256. Nevertheless both are extremely safe from a cryptographic point of view.
The synced encrypted private key is indeed safe too (Protonmail and Tutanota and many others), but I do want the possibility to have an account with a truly "private" key, kept locally, forged on my PC and never uploaded (even if encrypted) except for a local temporary cache. Please implement this feature on Protonmail too!
I have to apologize for my English (especially in the previous comments), unfortunately I have to write from my small mob phone and I am usually very short of time.
I agree that ideally one should not transmit the private key, but if properly created and protected by a 128 bit passphrase, then the work factor to brute force the passphrase or the key itself should be about the same. Now I don't know what size key is created in the browser with PM. 2048, probably. That is considered not as strong as 128 AES, blowfish, etc... Hopefully it's up to 4096.
If Keys could be passed up to the server for use, RSA v3 4096 with 128 bit passphrase to be used both on local key chain and on Protonmail. And if passed using SSL/TLS, then that's what they are doing now.
BTW, I've been looking in browser caches for the private key but can't find it. Does it only last while entering Pphrase?
They said that uploading PGP keys is not too troublesome and that they are looking forward to implementing it. The problem is not uploading the private key to the servers and keeping it locally; this is perceived as very sophisticated and wanted by only a few of us, and therefore it is not even planned. In my opinion it would represent a piece of the state of the art of cryptography...
NB: the private key is always encrypted on the servers, therefore always safe, but to never share/sync/upload it is even better, a lot better!
You should just keep it with you (as a key file) and upload it locally in your browser cache whenever you log in...
I think this is a good alternative for advanced users. Combine with POP3 download of messages and you can decrypt in a separate program outside the browser (which is often a source of exploits).
If uploading PGP/GPG key pairs to the servers is too troublesome, then download keys which are generated at account sign up. They will be passed by SSL/TLS, just as they are now when the private key is pushed to the browser during a session. Once the key pair is stored locally, then stand-alone programs can use it as well as browser-based access. That and POP3 download would make the service useful to the full range of users: non-tech outsiders and savvy crypto advocates.