Introducing ProtonMail Contacts – the world’s first encrypted contacts manager

Today we’re launching a new contacts manager, the first one in the world that includes both zero access encryption and digital signature verification.

Starting with Version 3.12 of ProtonMail, we have rolled out a brand new version of Contacts for ProtonMail. The new ProtonMail Contacts was in development for over a year and is an essential next step in our broader security roadmap. In addition to adding a much more powerful contacts functionality to ProtonMail, our new contacts manager provides the world’s first tool for securely managing your contacts.

What is an Encrypted Contacts Manager?

ProtonMail’s new contacts manager uses zero-access encryption to protect the details of your contacts. Zero-access encryption means that the protected contact fields are encrypted in such a way that only you are able to decrypt and read them; not even ProtonMail can read them. In our new encrypted contacts manager, the protected contact details are shown within an area with a lock icon.


The addition of encrypted contact fields brings many security benefits. For example, if you are a journalist with a confidential source, it is very important to protect the phone number or address of that source. Using the notes field in contacts, you can also add other information about the contact that will be protected with zero-access encryption. Email addresses are not protected with zero-access encryption, because we need them in order to do email filtering. Encrypting them would also not significantly improve privacy: as an email service, we necessarily must know who you are emailing in order to deliver the message.

Digitally Signed Contacts

The new ProtonMail Contacts does more than just protect contact data fields with zero-access encryption. We also use digital signatures to verify the integrity of contacts data. Digital signatures are used for all contact fields, including the email address itself, and are denoted by the icon.

The concept of digital signatures is technically complex and is explained in more detail here, but in simpler terms, digital signature verification provides a cryptographic guarantee that nobody (not even ProtonMail) has tampered with your contacts. Thus, you can be absolutely sure that the contacts data is precisely what you entered.

This is a big security benefit for many reasons. For example, if an attacker wanted to intercept the communications between you and a sensitive contact, one way to do it could be to secretly change the email address or phone number you have saved for that contact, such as changing to, which might escape your notice. However, because ProtonMail contacts are now digitally signed, an attempt to tamper with your contacts would lead to the following error being displayed.


How does it work?

For those who are technically inclined, this section discusses how ProtonMail’s encrypted contacts manager is implemented. For each email account, we generate a new private and public key pair that is used exclusively for encrypting contacts. The private key is generated on the client side and encrypted using a derivative of your password which we don’t have access to, meaning that we can never access your contacts private key. Encrypted contact fields are encrypted with your contacts public key and therefore can only be decrypted with the corresponding private key which only you have access to. Digital signing is done by signing the data with your private key which allows the authenticity of the data to be conclusively verified on each subsequent data access. For full implementation details, it is possible to check out our source code.
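The scheme described above, as an added example that is not ProtonMail's code: it assumes Node.js and its built-in crypto module, with a plain RSA key standing in for the OpenPGP key, and all function and field names are hypothetical. It shows the private key wrapped under a password-derived key, protected fields encrypted to the public key, and a signature over all fields that is checked on each access.

```javascript
// Added example, not ProtonMail's code: plain RSA via Node's crypto stands in
// for the OpenPGP keys a PGP-based client would use. All names are hypothetical.
const nodeCrypto = require('crypto');
const kdf = (password, salt) => nodeCrypto.scryptSync(password, salt, 32).toString('hex');

// Client side: generate the contacts key pair and wrap the private key under a
// password-derived key. The server stores only what this function returns.
function createContactsKey(password) {
  const salt = nodeCrypto.randomBytes(16);
  const pair = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    salt,
    publicKey: pair.publicKey.export({ type: 'spki', format: 'pem' }),
    wrappedPrivateKey: pair.privateKey.export({
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: kdf(password, salt) }),
  };
}

// Throws if the password is wrong; without it the wrapped key is unusable.
function unlockPrivateKey(account, password) {
  return nodeCrypto.createPrivateKey({
    key: account.wrappedPrivateKey, format: 'pem', passphrase: kdf(password, account.salt) });
}

// Readable fields (name, email) are signed only; protected fields are encrypted
// to the public key (RSA-OAEP, so at most 190 bytes here); the signature covers both.
function sealContact(account, privateKey, clear, secret) {
  const clearJson = JSON.stringify(clear);
  const encrypted = nodeCrypto.publicEncrypt(
    { key: account.publicKey, oaepHash: 'sha256' }, Buffer.from(JSON.stringify(secret))).toString('base64');
  const signature = nodeCrypto.sign(
    'sha256', Buffer.from(clearJson + '\n' + encrypted), privateKey).toString('base64');
  return { clearJson, encrypted, signature };
}

// On every access: verify first, and decrypt only if the signature holds.
function openContact(account, privateKey, record) {
  const signed = Buffer.from(record.clearJson + '\n' + record.encrypted);
  const ok = nodeCrypto.verify(
    'sha256', signed, account.publicKey, Buffer.from(record.signature, 'base64'));
  if (!ok) throw new Error('contact signature verification failed');
  const plain = nodeCrypto.privateDecrypt(
    { key: privateKey, oaepHash: 'sha256' }, Buffer.from(record.encrypted, 'base64'));
  return { ...JSON.parse(record.clearJson), ...JSON.parse(plain.toString()) };
}
```

Changing the stored email address in a sealed record makes openContact throw, even though that field is readable by the server.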

What’s next?

The immediate security benefits of encrypted and digitally signed contacts are quite obvious. However, our new encrypted contacts manager also provides the foundation for a number of upcoming security enhancements that we are adding to ProtonMail in 2018. For example, our new contacts manager can also be extended to store public keys, which is an essential component for sending PGP messages to people who don’t use ProtonMail, verifying the integrity of the keys themselves, and verifying the authenticity of received messages via digital signatures. We are working on these, and many other security enhancements, and look forward to sharing them with the ProtonMail community in the future.

In the nearer term, we will be working on also rolling out the new encrypted contacts manager to our iOS and Android encrypted email mobile applications (currently, our new contacts manager is only available on the web version of ProtonMail). For an overview of all of the features that were released in this latest version of ProtonMail, you can view the release notes here.

Best Regards,
The ProtonMail Team

You can read the encrypted contacts press release here.


About the Author

Proton Team

Proton was founded by scientists who met at CERN and had the idea that an internet where privacy is the default is essential to preserving freedom. Our team of developers, engineers, and designers from all over the world is working to provide you with secure ways to be in control of your online data.



42 comments on “Introducing ProtonMail Contacts – the world’s first encrypted contacts manager”

    • The encrypted contacts manager will be available in the ProtonMail mobile apps by the end of 2018. Thank you for your patience!

      • awesome!! is calendar integration also already on the roadmap? If yes could you share some insights? Thanks!

        • Yes it is on the roadmap. For the moment we cannot share info about it but we hope to have something to show by the end of the year.

  • While I appreciate the encrypted contacts very much, my understanding of this post is that the name and email fields will not be encrypted? This means that under court order you could release these details? To use your example of a journalist; if one of their contacts was Edward Snowden and the US Government convinced a Swiss Court to order you to release the name and email address from their account, then the Americans would know this? I ask because I am a journalist and if I know that my contact names and email addresses can be released under court order, then I dare not use contacts. This isn’t really any different than what governments are doing now, trolling for metadata to find people to investigate. I am a paying ProtonMail user, and adore the service, but want to understand the security involved. Thanks.

  • I just love this change and will even more once integration for storing public keys and verification of the same arrives. Great work to the team

  • This is a great new function. Just discovered it in your blog and check it in my profile. Looking forward to using it. I think you already thought about the same function for password storage? That would be a great additional function which I would appreciate. I don’t want to use five different services – I like it centralized :).

  • I use ProtonMail on 2 laptops plus a phone and a tablet (same account). How can I distribute the private key for contacts among my devices?

    • The encrypted contacts manager is not yet available on the mobile apps. We have it planned for release by the end of the year, if all goes well.

  • Thank you for another great development, frankly, a feature I did not know was possible!

    In reference to the first published comment above, what about the user assigning random numbers to sensitive contacts in the list? And, one step further, recommending to the contact, that the contact get a protonmail account? With an anonymous email address using random numbers, instead of typical addresses with name or initials or birthyear?

    I admire and support journalists, activists, and citizens who must be wary while exercising their basic human civil rights, and for providing the necessary, and best available tools. Ask ourselves, is there anything in the market better right now for us? I doubt it. I am grateful to you, protonmail, for providing this service and for allowing open discussion of the few limitations to your service–no one device in the toolbox will be perfect for every situation: we must choose the best one available and be prudent about it.

  • The article suggests the feature is available to all users. When I log into the web mail on my iPad the feature is shown as only for paying customers. Is it me or is this feature NOT for all users?

  • I think that the problem of secrecy can never be fully resolved because the computer, where the user reads the mails, could have a virus installed so it is possible to see the content in plaintext of the information. To ensure privacy it is necessary to use a dedicated tool produced specifically.
    Best regards

  • There is no ability to export as a CSV file, only VCF? Why? VCF is practically useless other than for importing into a mobile phone. To sort and edit data in a spreadsheet requires CSV import.

  • Great job as usual!
    I understand from the article, that ProtonMail contacts is only limited to the PM app.
    Is it planned to also be able to sync ProtonMail contacts with iPhone contacts (like in gmail contact sync for example)? If yes, when?

    • The names and email addresses are not encrypted. We need to see them in order to deliver emails to your recipients.


  • I am having problems with my email. I changed the phone number therefore, I am unable to get the 2FA number.

  • I’m on Android 1.10.5 (591) and still waiting for the ability to sync PM contacts with the phone. When is that going to happen?

    • You can upload contacts from the device to your ProtonMail account. We will look into options to sync any changes between the device and your ProtonMail account, but for now we are not working on this. Thank you for your understanding.

  • It would be neat if there was a suite for Android or iOS that maintained an encrypted DB but handed off to the suite application by default. Like for instance, my default call log is not encrypted. The encrypted contacts details do not invoke the native apps, just copies to the clipboard.

  • It’s REALLY wonderful and I wish them in THEIR EVERY effort to PROTECT EVERY individual’s Privacy, GLOBALLY, without being monetized!

    Additionally, I wondered when I read message ” Asking Number because i have many accounts of ProtonMail to ensure it isn’t spam” while making its ONLY a second account. I, STILL, wonder why it said about many accounts.

    I hope ProtonMail Team IS reading this and will respond :) Because I, STILL, TRUST YOU ALL.

    All the BEST (Future’s Totally Secure e-Mail Service for People’s Privacy).

  • I forgot my password and changed the password , all my files are decrypted can’t open ….is there anything possible to encrypt it pls ??

  • Can you please make a separate contacts app instead of combining it with mail. It would be great to see it.

    • Hi Jim. Yes – you access your Proton contacts in any of our apps (including the web app).