PGP Smartcard Support
I am a moderately happy Plus subscriber; however, I was disappointed to find I cannot use my own PGP keys that I have stored on my YubiKey. I would hope at the very least in future I will be able to use the ProtonMail Bridge and have it allow me to insert my own PGP encrypted messages with my own keys using GPG4Win without throwing me a 554 error.
Other ideas for this area:
- Support PGP smartcards
- Allow plain IMAP connections to ProtonMail so that I can use my own mail client and handle my own encryption
- Allow integration with ProtonMail and OpenKeychain on Android
- Allow users to have more control over the encryption options in ProtonMail and the ProtonMail Bridge.
I understand the way everything is designed right now for ease of use, especially for newcomers. However, I have found the lack of flexibility disappointing, as I am unable to use my existing PGP keys without a great deal of effort.
I hope that this can be improved in the future.
-
Taavi commented
ProtonMail also does not let you upload and use just the hardware-stored keypair's public key, which is very tedious.
-
zhiyan114 commented
+1 All of my GPG crypto operations are done on my smart card. The physical key files are securely locked away and only to be used when importing to a new smart card.
There's absolutely no reason to upload your GPG key considering software like gpg4win has a browser integration already (for web mail).
-
Lilith commented
While it is nice that Proton manages my PGP keys for me, I'd like the option to use keys that remain on my machine.
For this purpose, I propose that email addresses can be configured to be unencrypted by Proton and directly accessible via SMTP / IMAP (without using the bridge). Then users can simply use whatever encryption they wish, built into their email client.
From a security perspective, I'd like to trust Proton as little as possible. With the current model you store encrypted emails and the keys to decrypt them. I would like to store these keys myself, at least for some email addresses with higher security requirements.
-
Andre Renard commented
I think this would be a great feature to add. Even if it just worked in one of these areas (bridge/web/smartphone) it would add an excellent layer of extra security when needed.