Advanced PGP Key Management for Proton Mail Users
Description
Currently, Proton Mail allows users to manually add PGP public keys to external addresses only.
This creates several limitations for users with more complex encryption setups or personal key hierarchies.
Problem 1: Limited Manual Control
Users cannot manually specify whether an email should be:
- Signed only
- Encrypted only
- Signed and encrypted
Instead, Proton Mail enforces a fixed default behavior per contact.
If a user wishes to change how messages are sent, they must manually adjust the contact’s encryption settings each time.
This slows down workflows and complicates secure communication.
Problem 2: External Keys for Proton Addresses
Some Proton users maintain their own personal PGP key pairs associated with their Proton-hosted email addresses (for example, to preserve local control or maintain a separate trust model).
However, when receiving messages from other Proton Mail users, Proton’s system automatically forces the use of the Proton-managed encryption keys, preventing users from:
- Assigning their external public key to that same Proton address, or
- Choosing an alternative key manually for encryption/signing.
This limitation breaks compatibility with privacy-focused setups or air-gapped key workflows.
Problem 3: Security Tradeoff
The only workaround — uploading the external private key to Proton — undermines the purpose of maintaining an offline or self-controlled key.
Even if Proton’s storage is zero-access, this still requires trusting Proton’s infrastructure with a key that ideally should never leave local custody.
Suggested Enhancements
Manual Key Override
Allow users to override key selection on a per-message basis, including:
- “Sign only”
- “Encrypt only”
- “Sign and encrypt”
- “Send plaintext”
Custom Key Mapping for Proton Addresses
Enable assigning an external public key to a Proton-hosted address, even when interacting with another Proton user.
Per-Message Key Selection UI
Add an “Advanced” or “PGP Options” dropdown when composing a message to select signing/encryption behavior or which key to use (similar to Thunderbird or GPGMail).
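To make the three enhancements concrete, the following is an added illustration of how a mail client could resolve a per-message mode override together with a user-pinned key for a Proton-hosted address. It is written for this page and is not Proton's code or a description of Proton's internals; the `Mode` values mirror the list above, while `Contact`, `PublicKey`, `plan_message`, the "user-pinned"/"provider-managed" source labels and the fingerprints are hypothetical or constructed for the example.

```python
"""Per-message PGP mode and key-selection policy (illustrative, not Proton's code)."""
import re
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Mode(Enum):
    SIGN_ONLY = "sign only"
    ENCRYPT_ONLY = "encrypt only"
    SIGN_AND_ENCRYPT = "sign and encrypt"
    PLAINTEXT = "send plaintext"


@dataclass(frozen=True)
class PublicKey:
    fingerprint: str  # compact uppercase hex, see normalize_fingerprint()
    source: str       # "provider-managed" (supplied by the mail provider) or "user-pinned"


@dataclass
class Contact:
    address: str
    keys: List[PublicKey] = field(default_factory=list)
    default_mode: Mode = Mode.SIGN_AND_ENCRYPT  # the fixed per-contact default that exists today


def normalize_fingerprint(fpr: str) -> str:
    """Accept the spaced form gpg prints ('0123 4567 ...') and return compact uppercase hex."""
    compact = re.sub(r"\s+", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", compact):
        raise ValueError(f"not a 40-hex-digit v4 fingerprint: {fpr!r}")
    return compact


def select_recipient_key(contact: Contact) -> Optional[PublicKey]:
    """A key the user pinned to the address wins over one the provider supplied for it."""
    for wanted in ("user-pinned", "provider-managed"):
        for key in contact.keys:
            if key.source == wanted:
                return key
    return None


def plan_message(contact: Contact, override: Optional[Mode] = None) -> dict:
    """Decide signing/encryption for one message.

    `override` is the per-message choice from a compose-window dropdown; when it is
    absent the contact's stored default applies, which is the current behaviour.
    """
    mode = override or contact.default_mode
    key = select_recipient_key(contact)
    sign = mode in (Mode.SIGN_ONLY, Mode.SIGN_AND_ENCRYPT)
    encrypt = mode in (Mode.ENCRYPT_ONLY, Mode.SIGN_AND_ENCRYPT)
    if encrypt and key is None:
        raise ValueError(f"{mode.value!r} requested but no public key is known for {contact.address}")
    warnings = []
    # Sending plaintext to someone we hold a key for is a downgrade; surface it to the user.
    if mode == Mode.PLAINTEXT and key is not None:
        warnings.append("plaintext send to a contact with a known key")
    # Problem 2 above: a provider-managed key exists for an address the user has pinned a key to.
    if encrypt and key.source == "user-pinned":
        shadowed = [k.fingerprint for k in contact.keys if k.source == "provider-managed"]
        if shadowed:
            warnings.append(f"ignoring provider-managed key(s) {shadowed} in favour of pinned key")
    return {
        "address": contact.address,
        "mode": mode.value,
        "sign": sign,
        "encrypt": encrypt,
        "encrypt_to": key.fingerprint if encrypt else None,
        "warnings": warnings,
    }


# Constructed sample data: fingerprints are placeholders, not real keys.
PINNED_FPR = normalize_fingerprint("0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567")
MANAGED_FPR = normalize_fingerprint("FEDCBA9876543210FEDCBA9876543210FEDCBA98")
ALICE = Contact(
    address="alice@example.com",  # a provider-hosted address with both kinds of key
    keys=[PublicKey(MANAGED_FPR, "provider-managed"), PublicKey(PINNED_FPR, "user-pinned")],
)
BOB = Contact(address="bob@example.net")  # external address, no key on file


if __name__ == "__main__":
    print(plan_message(ALICE))                   # default: sign+encrypt to the pinned key, with a warning
    print(plan_message(ALICE, Mode.SIGN_ONLY))   # per-message override: no encryption, no key needed
    print(plan_message(BOB, Mode.PLAINTEXT))     # no key known, plaintext is the only option
```

The policy encodes the two checks a client needs for the requested features: the pinned key takes precedence over the provider-supplied one and the user is told when that happens, and a plaintext override against a contact with a known key is flagged rather than performed silently.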
Rationale
These improvements would benefit advanced users who manage their own key infrastructure or use Proton as part of a broader privacy toolchain.
They enhance flexibility and control without compromising usability or Proton’s secure defaults for non-technical users.