Allow re-encrypting existing mails with a new key
I contacted support and it seems this is not available, which is a security breach.
Old accounts have, as per old standards, GPG 2048 keys, which are not as secure as current ECC ones, and also the key can be compromised. We can create a new key, but it only works for new emails; existing ones cannot be re-encrypted with the new key.
We have heard from the Proton team multiple times, even in Andy Yen's interview, that Proton products are designed to be covered even if a data breach happens, as all the data is encrypted. If old mails cannot be re-encrypted with newer and more secure keys, this is only partially true, as GPG keys 2048 long are not secure enough in the long term and, in the future, current ECC will become outdated as well.
If this feature is implemented in a way that the existing emails are re-encrypted with new keys and all the folder structure and details are kept, being transparent to the user, Proton Mail will increase its security a lot in the long term and assure all Proton users that their data will be safe as per the latest standards, and if a private key is compromised, all the data can still be retained securely after re-encrypting everything with a new key.
-
David Menendez commented
I agree that the re-encryption could have some risks, but I had assumed that during the conversion we would be working on a copy and only once all steps are successfully done, the original data would be removed.
For me, these would be the key parts it should ensure:
- Integrity of the data: this means that we need to work in "a copy" to allow the rollback if something goes wrong without losing data.
- Folder structure for messages and tags are kept as they are in the original encryption.

I truly hope this gets implemented soon, otherwise we are using a service with an expiry date depending on when you first logged in; of course, nowadays you can assume you lose data and can create new keys and forget about previous data, but this is currently nonsense to me.
-
Tyler commented
I agree, the option of uniformity should be available. However, for implementation this imposes great risk. What if anything goes wrong during the decryption and reencryption? This could corrupt any number of emails. So my caveat is that this optionality be available to users via support ticket to protonmail engineers. I would expect a low volume of tickets.
However, I would like to point out an interesting thought. Automating it may not be so tough. Before the Boxcryptor service was bought by Dropbox, they did have a feature to decrypt or encrypt entire folder contents. What they did was make a new folder, append "_{decrypted/encrypted}" to it, and proceed with the conversion in linear fashion from the old folder to the new one.
Two cents to make this feature request more specific.
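
The copy-then-swap conversion discussed in this thread, sketched as an added example that is not part of any comment and is not Proton's or Boxcryptor's code. It assumes a mailbox stored as a folder tree with one file per message; `seal`/`unseal` are a stand-in authenticated cipher (not OpenPGP, not for real use), and the `_reencrypted` and `_old` suffixes are hypothetical names.

```python
import hashlib, hmac, os, shutil
from pathlib import Path

def _xor(key, nonce, data):
    # Keystream from HMAC-SHA256 in counter mode (demo stand-in only).
    ks = b"".join(hmac.new(key + b"|ks", nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):
    """Stand-in authenticated cipher, NOT OpenPGP and not for real use."""
    nonce = os.urandom(16)
    body = nonce + _xor(key, nonce, plaintext)
    return hmac.new(key + b"|mac", body, hashlib.sha256).digest() + body

def unseal(key, blob):
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key + b"|mac", body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _xor(key, body[:16], body[16:])

def reencrypt_mailbox(src, old_key, new_key):
    """Convert src into a sibling '<name>_reencrypted' tree; swap only if every message verifies."""
    src = Path(src)
    staged = src.with_name(src.name + "_reencrypted")
    backup = src.with_name(src.name + "_old")
    staged.mkdir()
    try:
        for path in sorted(src.rglob("*")):                # parents sort before children
            target = staged / path.relative_to(src)
            if path.is_dir():
                target.mkdir(parents=True, exist_ok=True)  # keeps empty folders too
                continue
            plaintext = unseal(old_key, path.read_bytes())  # raises on corrupt input
            target.write_bytes(seal(new_key, plaintext))
            if unseal(new_key, target.read_bytes()) != plaintext:  # read back and verify
                raise ValueError(f"round-trip mismatch: {path}")
    except Exception:
        shutil.rmtree(staged)   # rollback: the original tree was never modified
        raise
    src.rename(backup)          # commit: two renames, then drop the old ciphertext
    staged.rename(src)
    shutil.rmtree(backup)
    return src
```

Any message that fails to decrypt or verify aborts the run before the swap, so the original folder is left exactly as it was.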