How can we improve ProtonMail?

Open Pgp Integration

1,201 votes
    The ProtonMail Team (Privacy Protector, ProtonMail) shared this idea

    36 comments

      • Alfonso commented  · 

        I couldn't import my public key into Perfect Privacy VPN configuration panel to receive encrypted emails. They told me the following:

        "
        I checked the key, there are various issues:

        1) it contained some extra End-of-Lines, making it unreadable (I fixed
        this).

        2) The key seems to contain no email address. Try importing this with
        your enigmail/gpg/pgp application and you will see it is only saying
        "UserID"
        "

        Is it related to this topic? Will that be fixed with this topic?

        Thanks!
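
Added example, not part of the comment above or of the support reply it quotes: a Python check that lists the User ID packets in an exported public key and flags any without an email address, while tolerating stray blank lines in the armor. The function names and the sample block are constructed for illustration; only definite-length packets are handled.

```python
import base64
import re

EMAIL_RE = re.compile(r"<[^<>@\s]+@[^<>@\s]+>|^[^<>@\s]+@[^<>@\s]+$")

def dearmor(text):
    """Decode ASCII armor, skipping blank lines, "Key: value" headers and the "=CRC" line."""
    lines = [l.strip() for l in text.splitlines()]
    marks = [i for i, l in enumerate(lines) if l.startswith(("-----BEGIN PGP", "-----END PGP"))]
    if len(marks) != 2:
        raise ValueError("expected exactly one armored block")
    body = [l for l in lines[marks[0] + 1:marks[1]] if l and ":" not in l and not l.startswith("=")]
    return base64.b64decode("".join(body))

def packets(data):
    """Yield (tag, body) per OpenPGP packet (RFC 4880 section 4.2), definite lengths only."""
    i = 0
    while i < len(data):
        first, i = data[i], i + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                       # new-format header
            tag, o1, i = first & 0x3F, data[i], i + 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i] + 192, i + 1
            elif o1 == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                                  # old-format header
            tag, n = (first >> 2) & 0x0F, 1 << (first & 3)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def user_id_report(armored):
    """Return [(user_id, has_email)] for each User ID packet (tag 13)."""
    uids = [b.decode("utf-8", "replace") for t, b in packets(dearmor(armored)) if t == 13]
    return [(u, bool(EMAIL_RE.search(u))) for u in uids]

# Constructed sample, not a real key: dummy tag-6 packet + User ID "UserID",
# armored with a blank line after every data line.
_B64 = base64.b64encode(b"\x99\x00\x04\x04\x00\x00\x00\xcd\x06UserID").decode()
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\nComment: constructed\n\n" + "\n\n".join(
    _B64[i:i + 8] for i in range(0, len(_B64), 8)) + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Running `user_id_report` on an exported key before handing it to a third party shows whether the recipient's software will find an address to bind the key to.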

      • Anonymous commented  · 

        Where do I find the dates for the releases?

      • PGP commented  · 

        Rather than relying on public PGP servers, it would be better to (at least additionally) support RFC 7929, which is a more secure way of finding a user's public key (since people can upload spoofed data to public key servers).

        ProtonMail should also publish its users' public keys in the DNS so other services can find them.
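
Added example, not part of the comment above: how an RFC 7929 lookup name is derived from an email address, and what the matching zone-file line looks like. The function names are hypothetical, only unquoted local-parts are handled, and the key bytes passed in are whatever binary (not armored) public key the caller supplies.

```python
import base64
import hashlib
import unicodedata

def openpgpkey_owner_name(email):
    """DNS owner name for an address per RFC 7929 section 3 (unquoted local-parts only)."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address: %r" % email)
    # The local-part is NFC-normalized, UTF-8 encoded and hashed as given;
    # this sketch applies no case folding.
    digest = hashlib.sha256(unicodedata.normalize("NFC", local).encode("utf-8")).digest()
    # SHA2-256 truncated to 28 octets gives a 56-character hex label,
    # which fits the 63-octet DNS label limit.
    return "%s._openpgpkey.%s" % (digest[:28].hex(), domain.rstrip("."))

def openpgpkey_record(email, public_key_bytes, ttl=3600):
    """Zone-file line; the RDATA is the binary transferable public key in base64."""
    rdata = base64.b64encode(public_key_bytes).decode("ascii")
    return "%s. %d IN OPENPGPKEY %s" % (openpgpkey_owner_name(email), ttl, rdata)
```

The record only improves on a key server when the zone is DNSSEC-signed and the resolver validates it, since an unsigned answer can be spoofed as easily as a key-server upload.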

      • Sander commented  · 

        As mentioned before: integration with public pgp servers would be great. This way the public key for a recipient (outside ProtonMail) could be obtained automatically.
        And vice versa: my public key on the pgp servers so others can use my key when sending me e-mails. (already done this manually getting the key from v2.protonmail.com)

      • Mick commented  · 

        Should be done at the least - as ProtonMail has already walked half of the cake (by being OpenPGP based), this should not be a priority.
        Otherwise, solutions like mailfence.com or scryptmail are way better to go with.

      • Phillip Wilson commented  · 

        I hope Protonmail is a higher grading of encryption, not a basic AES. And I want to upgrade but I don't know enough about boot chain coding and the integers Hastings processing development to a safe place and I had £400 taken from my account today.

      • Crypt O commented  · 

        "Would be really really nice to be able to "at least" sign our emails to non proton-mail users."

        THIS

      • Remi Ferrand commented  · 

        Would be really really nice to be able to "at least" sign our emails to non proton-mail users.

      • Brian commented  · 

        I'm frustrated that I don't have access to my ProtonMail secret key, and therefore can't sign a message to prove ownership of it. This is part of the protocol used by keybase.io to let people discover your public key.

      • Kris commented  · 

        With the shutdown of Lavaboom, ProtonMail becomes a prime contender for easy-to-use encrypted email. However, there are always going to be those who don't use it and instead would prefer to use PGP.

        ProtonMail currently provides a PGP public key to users, and allows messages to be sent to ProtonMail users (inline PGP). However, that cannot happen without someone actually having this key.

        What I think would be useful would be a checkbox in settings (likely right next to where you can get the key) to auto-attach the public key (in a non-encrypted format) to any external emails that are being sent. That way, someone will have your PGP-key and can reply with an encrypted email - if that is their preferred method - or use ProtonMail's interface - if they don't use/know PGP.

      • sxiii commented  · 

        We definitely need this integration done!

      • user commented  · 

        Any updates with this feature? Thanks

      • Erdogan commented  · 

        This feature could be the true silent circle :-D

      • HaKr commented  · 

        I would like to be able to use my own PGP keys with the service. That way, when IMAP support is implemented, all I need to do is use a PGP compat client.

      • ED commented  · 

        @Ridge
        It is theoretically possible that the private key is used only while logging in, but then you would need it again if you receive a message while you are logged in, since it would be encrypted and impossible to decrypt without your decrypted private key. Thus I can assume there always is the decrypted private key in the browser cache since the browser session lasts.
        About the encryptions I am sure Tutanota uses 2048+128 and Lavaboom 4096+256, I am not actually sure about Protonmail (may an Admin answer) but they should be 4096+256. Nevertheless both are extremely safe from a cryptographic point of view.
        As indeed is safe the synced encrypted private key (Protonmail and Tutanota and many others) but I do want the possibility to have an account with a truly "private" key, locally kept, forged on my pc and never uploaded (even if encrypted) but for a local temporary cache. Please implement this feature on Protonmail too!

        I have to apologize for my English (especially in the previous comments), unfortunately I have to write from my small mob phone and I am usually very short of time.

      • Ridge commented  · 

        Ed-
        I agree that ideally one should not transmit the private key, but if properly created and protected by a 128 bit passphrase, then the work factor to brute force the passphrase or the key itself should be about the same. Now I don't know what size key is created in the browser with PM. 2048, probably. That is considered not as strong as 128 AES, blowfish, etc... Hopefully it's up to 4096.

        If Keys could be passed up to the server for use, RSA v3 4096 with 128 bit passphrase to be used both on local key chain and on Protonmail. And if passed using SSL/TLS, then that's what they are doing now.

        BTW, I've been looking in browser caches for the private key but can't find it. Does it only last while entering Pphrase?

      • ED commented  · 

        They said that to upload PGP keys is not too troublesome and that they are looking forward to implementing it. The problem is to not upload the private key to the servers and to keep it locally; this is perceived as very sophisticated and wanted by a few of us and therefore it is not even planned. In my opinion it would represent a piece of the state-of-the-art of cryptography...

        NB: the private key is always encrypted on the servers, therefore always safe, but to never share/sync/upload it is even better, a lot better!
        You should just keep it with you (as a key file) and upload it locally in your browser cache whenever you log in...

      • Ridge commented  · 

        I think this is a good alternative for advanced users. Combine with POP3 download of messages and you can decrypt in a separate program outside the browser (which is often a source of exploits).

        If uploading PGP/GPG key pairs to the servers is too troublesome, then download keys which are generated at account sign up. They will be passed by SSL/TLS; just as they are now when the private key is pushed to browser during a session. Once the key pair is stored locally, then stand alone programs can use them as well as browser based access. That and POP3 download would make the service useful to the full range of users; non-tech outsiders and savvy crypto advocates.
