Import own OpenPGP subkeys only
Allow users to import just the encryption and signing subkeys, without the OpenPGP master key.
Users can generate new subkeys just for Proton Mail. The scope of the keys becomes limited. Independent revocation becomes possible. The keys are exported to keyservers under the user's own identity. Proton Mail becomes part of the decentralized web of trust.
No impact on Proton Mail's usability. Users can still use the keys generated on the servers. Advanced users gain the option to maintain full and exclusive control over their OpenPGP identity while benefiting from Proton Mail's services.
-
Clément Hermann commented
I have my master key offline, and only subkeys in a hardware token (YubiKey). I could maybe allow Proton (which I'd really like to use) to handle a copy of those subkeys, if not possible to use the token only, but I absolutely won't share the master key, ever.
-
zhiyan114 commented
I believe it'll be more useful to have the mail client integrate with the native GPG client so that none of the keys has to be uploaded.
-
[Deleted User] commented
I think this is absolutely vital and PM really should prioritise this higher.
While the way things are at the moment is "good enough" for the average person, for the more PGP-savvy people it still violates a fundamental PGP principle - the primary keypair [C] stays locked in a box and doesn't ever get touched by anyone unless absolutely necessary (e.g. revocation, subkey generation, etc.).
This leads to the scenario where one has to use a separate PGP identity for PM as opposed to their primary PGP identity (as mentioned). So which one should they publicly advertise to those who want to send them an encrypted email?!
This is also important for key rotation. Instead of generating a completely distinct identity, one may wish to rotate their subkeys, knowing that their [C] keypair is always kept safe.
-
M Haraj commented
This is important to me as well. My master private key should not be required to sign or decrypt emails. Even if a scheme where I give protonmail only encrypting and signing subkeys is more painful from a UX perspective, I would much prefer it. As it stands now I am in the awkward situation where my protonmail identity is distinct from my main identity.
-
Anonymous commented
I'd like to have the possibility to only import my subkeys to ProtonMail, and use them to encrypt and sign.
It has become a deal breaker for me as I would like to set up rolling subkeys, and keep my private master key offline, off-computer, on an encrypted USB media device.
I do not trust the hardware I read my mails on, nor do I trust my ProtonMail password to be as secure as the encrypted USB key under my pillow. The ability to manage expiration date efficiently with subkeys is one big security advantage of PGP.