Using Elliptic Curve Cryptography (ECC) with your ProtonMail account

ProtonMail allows users to choose which kind of encryption keys to use for their accounts. 

By default, accounts are created with RSA 2048-bit keys, which are known to be fast and sufficiently secure for most users, and have the widest compatibility with other PGP implementations. 

Once your account is created, it is possible to change your primary keys to RSA 4096-bit (which is more secure, but slower) or X25519 ECC (Elliptic Curve Cryptography) keys (which are also more secure, faster, and still compatible with almost all other PGP implementations).

This article provides instructions for changing your primary keys to X25519.

READ THIS: It is extremely important that you DO NOT DELETE YOUR OLD RSA KEYS. If you do, you will lose the ability to decrypt all your existing emails. Please follow the instructions here closely.

First, you need to have a ProtonMail account

It is only possible to add ECC keys after you have already created a ProtonMail account.

When you create a new account in ProtonMail, the first thing we do is generate your keys. On the web version, new accounts are created with RSA 2048-bit keys by default. If you are using one of our mobile apps, you will be presented with two options:

Compatibility RSA 4096-bit (Secure but slow)

Compatibility RSA 2048-bit (Older but faster)

Next, create your ECC keys

Once you’ve created your ProtonMail account, here’s what to do next:

1. Upgrade your RSA keys for each email address by logging in to your account at mail.protonmail.com, clicking on Settings, and opening the Keys page. 

2. Click on the “Add New Key” button and select the address for which you want to add ECC keys.

3. Then select:

State-of-the-art X25519 (Modern, fastest, secure)

And click on “Generate Keys”. You will be asked to enter your account password.

4. Click on the arrow next to your email address to reveal the key details. In the ECC key row, click on the dropdown menu and select “Make Primary.” This will ensure that all future emails are encrypted using your ECC key.

When you add a new email address to your account (paid feature), you can select ECC keys from the start.

Again, it is extremely important that you DO NOT DELETE YOUR OLD RSA KEYS. If you do, you will lose the ability to decrypt all your existing emails. Simply leave your old keys active; they will be used to decrypt old messages.

If you wish to continue using RSA encryption, your emails will still be safe, but your mailbox might run more slowly, especially on mobile devices. For the vast majority of users, ECC is the better method. (Some advanced users who receive PGP-encrypted emails from non-ProtonMail senders whose software is not compatible with ECC, such as those using a version of GnuPG earlier than 2.1, may decide to stay with RSA keys.)
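
The GnuPG caveat above can be checked before you switch your primary key. The shell functions below are an added example, not ProtonMail code: they take the first line printed by a correspondent's "gpg --version" and report whether it meets the 2.1 threshold mentioned above. The function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from a `gpg --version` banner whether that GnuPG
# meets the 2.1 threshold the article gives for ECC compatibility.

# gpg_version_from_banner "<first line of gpg --version>"
# Prints the dotted version (e.g. 2.2.41); fails if no version is found.
gpg_version_from_banner() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^gpg (GnuPG[^)]*) \([0-9][0-9.]*\).*$/\1/p')
    [ -n "$ver" ] || return 1
    printf '%s\n' "$ver"
}

# gpg_handles_ecc "<banner>"
# Exit status 0: version is 2.1 or later.
# Exit status 1: version is older than 2.1 (sender should get an RSA key).
# Exit status 2: the banner was not recognised, so nothing can be concluded.
gpg_handles_ecc() {
    ver=$(gpg_version_from_banner "$1") || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then rest=0; fi   # no minor component present
    minor=${rest%%.*}
    minor=${minor:-0}
    if [ "$major" -gt 2 ]; then return 0; fi
    if [ "$major" -eq 2 ] && [ "$minor" -ge 1 ]; then return 0; fi
    return 1
}

# Constructed sample banners, as a correspondent might paste them.
for banner in \
    'gpg (GnuPG) 1.4.23' \
    'gpg (GnuPG) 2.0.30' \
    'gpg (GnuPG) 2.1.0' \
    'gpg (GnuPG/MacGPG2) 2.2.41'
do
    if gpg_handles_ecc "$banner"; then
        echo "$banner: 2.1 or later, ECC keys can be used"
    else
        echo "$banner: older than 2.1, keep an RSA key for this sender"
    fi
done
```

To check the GnuPG installed on your own machine, pass it the real banner: gpg_handles_ecc "$(gpg --version | head -n 1)".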