ProtonBlog(new window)

Introducing Proton Mail Contacts — the world’s first encrypted contacts manager

Share this page

June 2022: This post has been updated to better reflect how Proton’s encrypted contacts manager works in 2022. 

Today we’re launching a new contacts manager, the first one in the world that includes both zero access encryption and digital signature verification.

Starting with Version 3.12 of Proton Mail, we have rolled out a brand new version of Contacts for Proton Mail. The new Proton Mail Contacts was in development for over a year and is an essential next step in our broader security road map.

In addition to adding a much more powerful contacts functionality to Proton Mail, our new contacts manager provides the world’s first tool for securely managing your contacts.

What is an encrypted contacts manager?

Proton Mail’s contacts manager is not a stand-alone app. It is instead built into our other products (notably Proton Mail(new window) and Proton Calendar(new window)) so that you can easily access your contacts when performing a task. For example, when writing an email or inviting someone to an event.

The name and address fields are not encrypted (although they are digitally signed – see below). This is so that we can actually send and receive the emails. Everything else is fully end-to-end encrypted to ensure that only you can read the contact details. 

Learn more about how encrypted email works(new window)

In our encrypted contacts manager, contact details protected by end-to-end encryption are shown with a lock icon when you edit a contact.

Encrypted contact feilds

End-to-end encrypted contact fields brings many security benefits. For example, if you are a journalist with a confidential source, it is very important to protect the phone number or address of that source.

Using the notes field in contacts, you can also add other information about the contact that will be protected with end-to-end encryption. 

In order to do email filtering, we do not encrypt email addresses – doing so also does not significantly improve privacy because as an email service, we necessarily must know who you are emailing in order to deliver the message.

Digitally Signed Contacts

The new Proton Contacts does more than just protect contact data fields with end-to-end encryption. We also use digital signatures to verify the integrity of contacts data. Digital signatures are used for all contact fields, including the email address itself.

The concept of digital signatures is technically complex. But in simple terms, what digital signature verification does is provide a cryptographic guarantee that nobody (not even Proton Mail) has tampered with your contacts. Thus, you can be absolutely sure that the contacts data is precisely what you entered.

Learn more about digital signatures(new window)

This is a big security benefit for many reasons. For example, if an attacker wanted to intercept the communications between you and a sensitive contact, one way to do it could be to secretly change the email address or phone number you have saved for that contact, For example, changing john.smith@proton.me to john.snnith@proton.me, which might escape your notice. 

However, because Proton Contacts are now digitally signed, any attempt to tamper with your contacts will result in the following error message being displayed.

Verification failed message

How does it work?

For those who are technically inclined, this section discusses how Proton Mail’s encrypted contacts manager is implemented. For each email account, we generate a new private and public key pair that is used exclusively for encrypting contacts.

The private key is generated on the client side and encrypted using a derivative of your password which we don’t have access to, meaning that we can never access your contacts private key. 

Encrypted contact fields are encrypted with your contacts public key and therefore can only be decrypted with the corresponding private key which only you have access to. 

Decryption failure message

If you change your account password, Proton will not be able to decrypt your contact details. You can, however, reactivate your encryption keys(new window) to gain access to your contacts

Digital signing is done by signing the data with your private key which allows the authenticity of the data to be conclusively verified on each subsequent data access. For full implementation details, it is possible to check out our source code(new window).

Always improving

The immediate security benefits of encrypted and digitally signed contacts are quite obvious. However, since its release in 2018, we have worked hard to improve our contacts manager with new features and security enhancements. 

For example, our contacts manager can now store public keys, which is an essential component for both sending PGP messages to people who don’t use Proton Mail; verifying the integrity of the keys themselves, and verifying the authenticity of received messages via digital signatures. 

We have also rolled out the encrypted contacts manager to our iOS and Android encrypted email apps, where you can easily import your phone contacts into Proton Mail. Please note that doing this gives Proton access to your contact names and email addresses.

On our road map is contact synchronization between your mobile device and the rest of the Proton ecosystem. 

You can read the encrypted contacts press release here(new window).

You can get a free secure email account from Proton Mail here(new window).

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support!

Protect your privacy with Proton
Create a free account

Share this page

Proton Team(new window)

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

Apple’s marketing team has built a powerful association between the iPhone and privacy. The company’s ad campaigns claim that “what happens on your iPhone, stays on your iPhone.” And, “Privacy. That’s iPhone.” But Apple’s lawyers are telling a diffe
A cyberattack on national public employment service France Travail has exposed the personal data of as many as 43 million people.  The latest breach is the second major cybersecurity attack to happen in France in the past month, raising concerns abo
If I share a folder in Google Drive, can anybody see my other folders
Google Drive makes it easy to share files and folders, but you may have wondered at some point whether the people you’ve shared a folder with can see your other folders. We answer this question below and also share some tips for truly secure link sha
In 2014, Proton Mail was introduced as a web app, revolutionizing how we think about email privacy. Today, we’re excited to broaden the horizons of secure communication by launching the Proton Mail desktop app. Anyone can now use the new Proton Mail
what is a digital footprint
What you do online isn’t private. Everything you do leaves behind some kind of mark. This trail is often referred to as a digital footprint, and it’s used to track you in many different ways. In this article, we go over what a digital footprint is, h
In February 2024, media reported that Indian authorities may decide to block Proton Mail. Proton Mail is still available in India despite any reports suggesting otherwise.  In response to hoax bomb threats that were sent through Proton Mail, some me