Allow PGP encrypted mails to non protonmail contacts
If I want to send an encrypted mail to a non protonmail E-Mail address I can't do that right now (I mean besides that link thing)
Please add in the contacts section a way to upload the public key of a non protonmail user. That way we would be capable to send and receive PGP (GnuPG) encyrpted mails from others.
Today we’ve launched Address Verification, full PGP support, and a public key server! Now ProtonMail is even more convenient to use and secure against attacks. Learn more: https://protonmail.com/blog/address-verification-pgp-support/
-
jh commented
Also it is quite common to add public keys as an attachement. Protonmail users could benefit from this in two ways:
1) Provide an option to attach the users public key to outgoing mail.
2) Allow the user to import received public keys.Anyway, a tool to manage trustability should be self-evident.
-
Kris commented
With the shutdown of Lavaboom, ProtonMail becomes a prime contender for easy-to-use encrypted email. However, there are always going to be those who don't use it and instead would prefer to use PGP.
Unfortunately, many people will not wish to use ProtonMail's encrypted email - which immediately becomes a barrier to its usage. ProtonMail could benefit from allowing external emails to be sent using PGP.
This could be simple - first, allow users to attach a PGP key to an address book entry of an external email address. Then, when an email is being sent externally from ProtonMail to someone who has an attached key, provide the option to use PGP instead of the ProtonMail interface.
They already can reply to the ProtonMail user using PGP, and currently having to use ProtonMail's interface exclusively for an external user is annoying and deters encryption.
-
Kris commented
With the shutdown of Lavaboom, ProtonMail becomes a prime contender for easy-to-use encrypted email. However, there are always going to be those who don't use it and instead would prefer to use PGP.
ProtonMail currently provides a PGP public key to users, and allows messages to be sent to ProtonMail users (inline PGP). However, that cannot happen without someone actually having this key.
What I think would be useful would be a checkbox in settings (likely right next to where you can get the key) to auto-attach the public key (in a non-encrypted format) to any external emails that are being sent. That way, someone will have your PGP-key and can reply with an encrypted email - if that is their preferred method - or use ProtonMail's interface - if they don't use/know PGP.
-
sxiii commented
We definitely need this integration done!
-
user commented
Any updates with this feature? Thanks
-
Erdogan commented
This feature could be the true silent circle :-D
-
HaKr commented
I would like to be able to use my own PGP keys with the service. That way when IMAP support is implemented, all I need to do is use a PGP compat client
-
AdminProton (Admin, Proton) commented
Planned PGP GPG integration.
-
sfox@protonmail.com commented
My dad uses startmail, it would be cool to securely email him
-
ED commented
@Ridge
It is theoretically possible that the private key is used only while logging in, but then you would need it again if you receive a message meanwhile you are logged, since it would be encrypted and impossible to decrypt without your decrypted private key. Thus I can assume there always is the decrypted private key in the browser cache since the browser session last.
About the encryptions I am sure Tutanota uses 2048+128 and Lavaboom 4096+256, I am not actually sure about Protonmail (may and Admin answer) but they should be 4096+256. Nevertheless both are extremely safe and from a criptographic point of view.
As indeed is safe the synced encrypted private key (Protonmail and Tutanota and many others) but I do want the possibility to have an account with a truly "private" key, local kept, forged on my pc and never uploaded (even if encrypted) but for a local temporary cache. Please implement this feature on Protonmail too!I have to apologize for my English (especially in the previous comments), unfortunately I have to write from my small mob phone and I am usually very short of time.
-
Ridge commented
Ed-
I agree that ideally one should not transmit the private key, but if properly created and protected by a 128 bit passphrase, then the work factor to brute force the passphrase or the key itself should be about the same. Now I don't know what size key is created in the browser with PM. 2048, probably. That is considered not a strong as 128 AES, blowfish, etc... Hopefully its up to 4096.If Keys could be passed up to the server for use, RSA v3 4096 with 128 bit passphrase to be used both on local key chain and on Protonmail. And if passed using SSL/TLS, then that's what they are doing now.
BTW, I've been looking in browser caches for the private key but can't fine. Does it only last while entering Pphrase?
-
ED commented
They said that to upload PGP keys is not too troblesome and that they are looking forward on implementing it. The problem is to not upload on the servers the private key and to keep it locally, this is perceived as very sophisricated and wanted by a few of us and therefore it is even not planned. In my opinion it would represent a piece of the state-of-the-art of criptography...
NB: the private key is always encrypted on the servers therefore always safe, but to never share/sync/upload it even better a lot better!
You should just keep it with you (as a key file) and upload it locally in your browser cache whenever you log in... -
Ridge commented
I think this is a good alternative for advanced users. Combine with POP3 download of messages and you can decrypt in a separate program outside the browser (which is often a source of exploits).
If uploading PGP/GPG key pairs to the servers too troublesome, then download keys which are generated at account sign up. They will be passed by SSL/TSL; just as they are now when the private key is pushed to browser during a session. Once the key pair are stored locally, then stand alone programs can use them as well as browser based access. That and POP3 download would make the service useful to the full range of users; non-tech outsiders and savvy crypto advocates.
-
ED commented
Many thanks to you, John Smitho, for the feed back comment. They (Protonmail) anwered me that PGP is very wanted and therefore planned, but local unsynced private key is not due to low request. Let's show them we want our private keys for ourselves as well!
-
John Smitho commented
I very much like the idea to be able to handle your private key. I think combining physical access like a USB stick containing a keyfile is a great way to add security, have the private key generated and kept locally/privately while protonmail acts as with an overlay style of encryption and an automation system. It's the ideal solution without sacrificing portability (except to mobile OS in which an app integrating other factors besides usb would be ideal)
-
Sam commented
Integration for Tutanota needed - some of my friends already use it. While I like Protonmail, I might have to switch sooner or later.
-
Haritonov commented
Hi guys,
First, I am not a security expert, but I played today for 30 min with Thunderbird and Enigmail and everything look so obvious now! I got the impression, that there is a misconception regarding PGP - it's not that the concept of asymmetric encryption is hard to understand, its the tools that are not user-friendly. Once you get what public and private keys are used for, it's really a question of how you find and manage them. In this regard, form your posts I understood that ProtonMail is using asymmetric encryption *generally* in the same way, that it's done in Enigmail, it's just the we do not know what our public keys are, so we can give them to other people, or they could search for them.
So why not doing something like in whiteout.io - uploading public keys to your server or/and to other pgp servers (pgp.mit.edu, keys.gnupg.net, etc.), then when composing new mail just checking if the recipient has uploaded his/her key there and encrypt the message with it? In the same regard, if they know your public key, they can use it to send you a secure message. It's like you want to send a letter to someone, and you automatically search for his/her post code.
I read somewhere, that you want to use the privacy feature to make ProtonMail more popular, but choosing to make it available for communication in a closed network does not seem like the right way to go. On the other hand - if you make the key management super easy to do, plus all other features, you end up with a really AWESOME service! Now this is how you bring privacy to the masses!Finally - I really want to thank you for what you are doing. It's not that I don't like my Google mail - it's fast, with lots of space, really nice synergy with calendar and docs, etc.... I like the beautiful and useful design of inbox. But give me a way to transfer all my emails to ProtonMail and I won't login there again. Because you are standing for the things I truly care. Making your service free and giving the people an easy way to protect their privacy is awesome! Thank you guys! You rock!
-
ED commented
I have to disagree, in order to change/revert keys and attempt the alleged MITM attack you would still need to provide your former private key and to decrypt it with its password, hard(er) to do since the private key is only kept for yourself and never shared. What I am proposing is a sort of second factor authentication with a key file, not a vulnerability
-
Markus Jansson commented
If users are given access to keys, then it is possible to change/revert the encryption keys used and commit a man-in-the-middle-attacks much more easily. Therefore I cannot recommend this. If you want to "use your own keys" then use them - on your own computer.
-
ED commented
Your cryptography should be based on PGP, therefore it should be based on private and public keys.
I would like to have these keys manageable:- The possibility to make them with my own tools (as GPG tools installed on my computer),
- The possibility to upload my newly made public key on your servers in order to encrypt my account with it, it will make me lose my previous data, exactly as it happens when I reset a forgotten mailbox password (since then your service make and upload a new key ring on the servers).
- The possibility to only temporary upload my private key in the cache of my browser, in order to decrypt my mailbox (and then not to synchronise the private key with your servers as it is done now).A never shared, self forged, private key is the ultimate security!
This is a function offered by lavaboom and, to some extent, by countermail too, something similar happens as default on Telegram "Secret Chats". It is an advanced setting of course, not for beginners, but it could be made simpler with the right UI