Sender Verification with digital signatures for messages and attachments

ProtonMail employs different methods to protect your privacy and security. One method of protecting messages from being read by outsiders is our encryption. However, encryption alone doesn’t protect you from all hazards. For instance, if john@example.com sends you an email, how do you know that John actually sent you the message and not some malicious outsider? Encryption protects the confidentiality of messages after they are sent, but it gives no assurance about who sent the email.

To verify the identity of the sender, ProtonMail uses digital signatures. These are similar in some ways to physical signatures, with one important difference: each signature signs only one specific message, so the message can’t be changed or tampered with after it was signed without invalidating the signature.

Signature verification on messages

When trusted keys are available, signatures on messages are automatically verified in the browser whenever an email or an attachment is opened. To see whether a message has a valid signature, look at the sender’s address. A warning sign indicates an invalid signature:

[Image: hovering over the lock icon next to the address shows that sender verification failed]

A check mark indicates the message has a valid signature:

[Image: "End-to-end encrypted from verified ProtonMail user" shown when hovering over the icon next to the address in the message view]

If the lock shows neither a check mark nor a warning sign and you have trusted keys, the message has no digital signature. For sent messages, only the warning symbol is shown, when the message fails verification.

Signature verification on attachments

Like messages, attachments can also be signed. This helps prevent criminals from sending you viruses. In contrast to messages, the signature status cannot always be shown when the message is opened: the browser needs to download the attachment first before we can verify it.

As soon as the browser has downloaded the attachment for the first time, a status icon is shown if there is a signature. Furthermore, if the signature failed verification and this could not be seen when hitting the download button, the user is notified before downloading the attachment.

For instance, for embedded images that have been tampered with, you will see the following as soon as the embedded image is shown (without downloading the images):

[Image: non-verified attachment]

For non-embedded documents, it would only appear after downloading the document:

[Image: verified attachment]

For more info concerning the inner workings of a digital signature, see here.

Does an invalid signature always mean someone tampered with my data?

Not necessarily. Of course, you should always consider that someone may have tampered with your messages. But sometimes someone has deleted their public keys or account, which makes it impossible to verify the signature with the right key. In that case the browser will show that the signature is invalid. Most of the time, this is only the case for old messages.
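
The behaviour described in this article, as an added example that is not ProtonMail's own code: it uses Node.js's built-in Ed25519 signatures as a stand-in for the signatures ProtonMail applies, and the function names, keys, message text and the `unverifiable` label are assumptions made for illustration. It shows that a signature covers one specific message, and that checking it against a key other than the one that signed gives the same "invalid" result as tampering.

```javascript
const nodeCrypto = require('crypto');

// Constructed sample keys: the sender's key at signing time, and a different
// key standing in for the case where the original public key was deleted.
const johnKey = nodeCrypto.generateKeyPairSync('ed25519');
const replacedKey = nodeCrypto.generateKeyPairSync('ed25519');

// Sign one specific message body; the signature covers exactly these bytes.
function signMessage(body, privateKey) {
  return nodeCrypto.sign(null, Buffer.from(body, 'utf8'), privateKey);
}

// Map a message to the states the article describes: 'valid' (check mark),
// 'invalid' (warning sign) or 'unsigned' (no mark). Without a trusted key
// nothing can be checked; 'unverifiable' is a label chosen for this example.
function signatureStatus(body, signature, trustedPublicKey) {
  if (!trustedPublicKey) return 'unverifiable';
  if (!signature) return 'unsigned';
  const ok = nodeCrypto.verify(
    null, Buffer.from(body, 'utf8'), trustedPublicKey, signature);
  return ok ? 'valid' : 'invalid';
}

function demo() {
  const body = 'Please pay invoice 1001 to account A.'; // constructed message
  const sig = signMessage(body, johnKey.privateKey);
  return {
    // Same bytes, same key: verification succeeds.
    untouched: signatureStatus(body, sig, johnKey.publicKey),
    // One changed word breaks the signature.
    tampered: signatureStatus(
      body.replace('account A', 'account B'), sig, johnKey.publicKey),
    // A signature cannot be moved onto another message.
    reusedOnOtherMessage: signatureStatus(
      'A different message', sig, johnKey.publicKey),
    // Untouched message, but the right key is no longer available.
    keyReplaced: signatureStatus(body, sig, replacedKey.publicKey),
    // Trusted key present, no signature attached.
    noSignature: signatureStatus(body, null, johnKey.publicKey),
  };
}

console.log(demo());
```

The `tampered` and `keyReplaced` cases both report `invalid`, which is why an invalid signature on an old message is not by itself proof of tampering.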