Introducing Address Verification and Full PGP Support

Address Verification allows you to be sure you are securely communicating with the right person, while PGP support adds encrypted email interoperability.

Starting with the latest release of ProtonMail on web (v3.14), iOS and Android (v1.9), and the latest versions of the ProtonMail IMAP/SMTP Bridge, ProtonMail now supports Address Verification, along with full PGP interoperability and support. In this article, we’ll discuss these two new features in detail, and how they can dramatically improve email security and privacy.

Address Verification

When ProtonMail first launched in 2014, our goal was to make email encryption ubiquitous by making it easy enough for anybody to use. This is no easy feat, and that’s probably why it had never been done before. Our guiding philosophy is that the most secure systems in the world don’t actually benefit society if nobody can use them, and because of this, we made a number of design decisions for the sake of better usability.

One of these decisions was to make encryption key management automatic and invisible to the user. While this made it possible for millions of people around the world to start using encrypted email without any understanding of what an encryption key is, the resulting architecture required a certain level of trust in ProtonMail.

While a certain level of trust is always necessary when you use online services, our goal is to minimize the amount of trust required so that a compromise of ProtonMail doesn’t lead to a compromise of user communications. This is the philosophy behind our use of end-to-end encryption and zero-access encryption, and it is also the philosophy behind Address Verification.

Prior to the introduction of Address Verification, if ProtonMail was compromised, it would be possible to compromise user communications by sending to the user a fake public encryption key. This could cause email communications to be encrypted in a way that an attacker, holding the corresponding fake private key, could intercept and decrypt the messages (this is also known as a Man-in-the Middle attack, or MITM), despite the fact that the encryption takes place client side.

Address Verification provides an elegant solution to this problem. We consider this to be an advanced security feature and probably not necessary for the casual user, but as there are journalists and activists using ProtonMail for highly sensitive communications, we have made adding Address Verification a priority.

How Address Verification works

Address Verification works by leveraging the Encrypted Contacts feature that we released previously. Starting with the latest version of ProtonMail, when you receive a message from a ProtonMail contact, you now have the option (in the ProtonMail web app) to Trust Public Keys for this contact. Doing so saves the public key for this contact into the digitally signed contacts, so it is not possible to tamper with the public encryption key once it has been trusted.

 

This means that when sending emails to this contact, it is no longer possible for a malicious third party (even ProtonMail) to trick you into using a malicious public key that is different from the one you have trusted. This allows for a much higher level of security between two parties than is possible with any other encrypted email service. You can learn more about using Address Verification in our knowledge base article.

PGP Support

At the same time as Address Verification, we are also launching full support for PGP email encryption. As some of you may know, ProtonMail’s cryptography is already based upon PGP, and we maintain one of the world’s most widely used open source PGP libraries. PGP support is also an advanced feature that we don’t expect most users to use. If you need secure email, the easiest and most secure way to get it is still to get both you and your contact on ProtonMail, or if you are an enterprise, to migrate your business to ProtonMail.

However, for the many out there who still use PGP, the launch of full PGP support will make your life a lot easier. First, any ProtonMail user can now send PGP encrypted emails to non-ProtonMail users by importing the PGP public keys of those contacts. Second, it is also possible to receive PGP email at your ProtonMail account from any other PGP user in the world. You can now export your public key and share it with them.

Therefore, your ProtonMail account can in fact fully replace your existing PGP client. Instead of sharing your existing PGP public key, you can now share the PGP public key associated with your ProtonMail account and receive PGP encrypted emails directly in your ProtonMail account.

If you are an existing PGP user and you would like to keep your existing custom email address (e.g. john@mydomain.com), we’ve got you covered there, too. It is possible to move your email hosting to ProtonMail and import your existing PGP keys for your address, so you don’t need to share new keys and a new email address with your contacts.

If you are using PGP for sensitive purposes, this might actually be preferable to continuing to use your existing PGP client. For one, PGP is fully integrated into ProtonMail, encryption/decryption is fully automated, and the new Address Verification feature is used to protect you against MITM attacks. More importantly though, ProtonMail is not susceptible to the eFail class of vulnerabilities, which have impacted many PGP clients, and our PGP implementations are being actively maintained.

You can find more details about using PGP with ProtonMail here.

Introducing ProtonMail’s public key server

Finally, we are formally launching a public key server to make key discovery easier than ever. If your contact is already using ProtonMail, then key discovery is automatic (and you can use Address Verification to make it even more secure if you want). But if a non-ProtonMail user (like a PGP user) wants to email you securely at your ProtonMail account, they need a way to discover your public encryption key. If they don’t get it from your public profile or website, they are generally out of luck.

Our public key server solves this problem by providing a centralized place to look up the public key of any ProtonMail address (and non-ProtonMail addresses hosted at ProtonMail).

Our public key server can be found at hkps://api.protonmail.ch (!! This link is used for HKP requests and cannot be accessed with a browser. However, if you want to download the public key of a ProtonMail users, simply replace the “username@protonmail.com” with the address you’re looking for and copy/paste the following link into your browser: https://api.protonmail.ch/pks/lookup?op=get&search=username@protonmail.com)

Concluding thoughts on open standards and federation

Today, ProtonMail is the world’s most widely used email encryption system, and for most of our users the addition of Address Verification and PGP support will not change how you use ProtonMail. In particular, setting up PGP (generating encryption keys, sharing them, and getting your contacts to do the same) is simply too complicated, and it is far easier for most people to simply create a ProtonMail account and benefit from end-to-end encryption and zero-access encryption without worrying about details like key management.

Still, launching PGP support is important to us. The beauty of email is that it is federated, meaning that anybody can implement it. It is not controlled by any single entity, it is not centralized, and there is not a single point of failure. While this does constrain email in many ways, it has also made email the most widespread and most successful communication system ever devised.

PGP, because it is built on top of email, is therefore also a federated encryption system. Unlike other encrypted communications systems, such as Signal or Telegram, PGP doesn’t belong to anybody, there is no single central server, and you aren’t forced to use one service over another. We believe encrypted communications should be open and not a walled garden. ProtonMail is now interoperable with practically ANY other past, present, or future email system that supports the OpenPGP standard, and our implementation of this standard is also itself open source.

We still have a long way to go before we can make privacy accessible to everyone, and in the coming months and years we will be releasing many more features and products to make this possible. If you would like to support our mission, you can always donate or upgrade to a paid plan.

Thank you for your continued support!

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail hereWe also provide a free VPN service to protect your privacy.

About the Author

Andy Yen

Andy is a founder of ProtonMail. He is a long time advocate of privacy rights and has spoken at TED, SXSW, and the Asian Investigative Journalism Conference about online privacy issues. Previously, Andy was a research scientist at CERN and has a PhD in Particle Physics from Harvard University. You can watch his TED talk online to learn more about ProtonMail's mission.

 

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

34 comments on “Introducing Address Verification and Full PGP Support

  • It was recently reported that PGP is broken due to lack of specificity in the protocol that gave rise to implementations that are easily hacked —and hacked in such a way that all prior communications may be decrypted as well as current and future communications.

    Reply
  • These are great moves in the right direction! I hope you will further focus on interoperability as an important priority in the months and years ahead. For example, mechanisms to facilitate key exchange with other services.

    ProtonMail could single-handedly resuscitate DANE as a standard for authenticated, domain-based key exchange by implementing an automated mechanism for key discovery in your interface!

    Reply
  • Still no bridge for Linux, promised for the Spring. Can’t use Protonmail properly, and not going to use an email or VPN that treats Linux users as second class customers. So not renewing paid to use this.

    Reply
  • This is why I was so happy when I found out about OEMEO, strong encryption algorithms should always be federated to prevent single points of failure. By the way, why is the Linux bridge still stuck in beta hell? A lot of the people that I know who still use a dedicated email client use Linux. The ability to import private keys is promising, since it might be usable with enigmail but you probably only accept stuff over the bridge so that wouldn’t work. Also, why no development on tor? Your VPN is good but when it comes to countries like China I’m going to put more faith in domain fronting than an unobfuscated tunnel.

    Reply
  • That’s it, I no longer understand Protonmail.
    Loved it when it was simple, now I don’t know anymore what to configure and how.
    Also, still no bridge

    Reply
    • Hi! Don’t let yourself discouraged. This is a feature tailored more for PGP power users. Your email is as secure and simple to use as always. You can still send end-to-end encrypted email to ProtonMail addressed automatically or by encrypting with the outside when sending to non-ProtonMail users as it is explained in this tutorial: https://protonmail.com/support/knowledge-base/encrypt-for-outside-users/

      Bridge is available already but it is limited to paid plans only. Please read more here: protonmail.com/bridge

      Regards,
      Irina

      Reply
  • Hi I would like ask about possibility create messenger as Skype but with full PGP secure protection and without NSA .

    Reply
    • It’s on our roadmap. There are some priorities before this, but it should happen this year or latest beginning 2019.

      Reply
  • Peter, DANE-based lookup requires all clients to check DNS records (do existing implementations do that?), all servers to support DNSSEC (many do not) and “exotic” records and basically transmits the requests and responses in plain-text.

    Modern GnuPG basically replaces DANE, PKA and other legacy lookup schemes with Web Key Directory (WKD), that goes over HTTPS (so the request is encrypted, except the host name).

    WKD is a lot easier to deploy for servers (just get HTTPS and put binary key in one place) and also for clients (HTTPS libraries are basically present in any programming language).

    Moreover WKD is enabled by default in GnuPG, OpenKeychain, Thunderbird (through Enigmail), Outlook (through GpgOL) and KMail. Openpgp.js also can lookup keys using WKD.

    Reply
  • This implementation of Full PGP support is just what I have been waiting for, thank you Protonmail for getting this up and running.

    However, there are still people that I need to email and receive mail from who do not understand PGP, can’t implement it, and are on corporate systems, so I have to resort to the Encrypted Email for external users, and add a password for each email.

    One of the features that I see on Tutanota is a ‘sticky password’. In other words agree a password with that individual, and it will remain the same no matter how many external emails I send them until we agree to change the password. (or I can convince them to join Protonmail…)

    That to me would complete my external encryption tool set, as I would not have to keep a list of agreed passwords externally, or risk having to send a new password to them for every email.

    Reply
  • Does this encryption just exist for the e-mail message itself – i.e. if an attachment is included with an e-mail, is the attachment encrypted too?? for example a Word document attached to a message.

    Reply
  • Great feature!
    Unfortunately, in my case it doesn’t solve the problem. I’d need s/mime encryption as my most important communication partner only supports that.
    Could somebody please comment on that topic? Is it in the pipeline? Or did the Proton guys decide against it? And if so, why?

    Reply
    • We are not need to support s/mime as it seems very broken from a security standpoint. For instance, the efail PGP vulnerabilities on most clients were patched, but there seems to be no solution for s/mime. We encourage your communication partner to also get ProtonMail to get the highest level of security with the most ease of use.

      Reply