For usability reasons, Proton Contacts encrypts different contact fields in different ways. In this article, we look at:
- How your contacts are encrypted
- How to use digital signatures to verify your contacts haven’t been tampered with
- How to search within encrypted contacts
- How to merge duplicate contacts
What is encrypted?
Display name and email address
Your contacts’ display names and email addresses are encrypted at rest but are not secured using zero-access encryption. This means ProtonMail can access this information.
The reason is that access to this information is essential for some of our advanced features to work. These features include auto-complete in the composer, spam filtering and whitelists, filters, search, and conversation/threaded view.
In addition to the display name and email address(es), you can store other personal information for each contact in the contact’s detail fields. This includes the contact’s phone number(s), address(es), organization, birthday, and notes.
This information is stored using zero-access encryption, so ProtonMail cannot access it. Fields secured by zero-access encryption show a padlock icon.
Why encryption is important
Contact information, in particular, can be very sensitive. Any details saved inside a contact’s detail fields (with the padlock icon) are encrypted so that no one — not even ProtonMail — can access this data, modify it, or share it with third parties.
Digital Signatures within contacts
All contact data, including the display name and email address(es), is digitally signed with a special private key linked to your account. This private key is only used to sign your contacts and allows you to verify that your contacts have not been tampered with or edited while they were in transit between your device and ProtonMail’s servers. This means that ProtonMail itself cannot secretly tamper with any of your contact data.
Since ProtonMail version 3.12, all contacts are automatically digitally signed. Older contacts that existed before this time may not be. If in doubt, we recommend creating a new contact and transferring the old details over to it (exporting a contact and then re-importing it will achieve the same effect).
If the digital signature verification for a portion of your contact’s data fails, you will see the following warning:
You now have two options:
1. Restore your encryption keys using your ProtonMail password. This is the preferred option since all your contact information will be retained.
2. Click the Re-sign button to the right of the warning message. If you do this, however, all data in the detail fields will be lost (only the display name and email address(es) will be retained).
Search within contacts
At the top of the Contact page there is a search bar that allows users to search contacts. This search will only return results for information stored within the display name and email address fields, as the other fields are encrypted and inaccessible to ProtonMail.
If you are looking for a specific piece of information within a contact’s detail fields, we recommend searching for the contact’s name and then clicking on that contact to see the encrypted details.
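A simplified model of the scheme described in the sections above on digital signatures and search, added here as an illustration and not Proton's own code. Ed25519 and AES-256-GCM from Node's `crypto` module are stand-ins (this article does not name the algorithms), and the record layout, function names, and sample contact are hypothetical.

```javascript
// Added illustration, not Proton's code. Ed25519 and AES-256-GCM are stand-ins;
// the article does not specify the real algorithms or storage format.
const crypto = require("node:crypto");

// Client-side secrets (constructed for this example); the server never holds them.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const detailKey = crypto.randomBytes(32);

const sign = (buf) => crypto.sign(null, buf, privateKey).toString("base64");
const verify = (buf, sig) =>
  crypto.verify(null, buf, publicKey, Buffer.from(sig, "base64"));

// Build the record as the server would store it: a readable part and a sealed part.
function storeContact(contact) {
  const clear = Buffer.from(JSON.stringify({ name: contact.name, emails: contact.emails }));
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", detailKey, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(contact.details)), cipher.final()]);
  const sealed = Buffer.concat([iv, cipher.getAuthTag(), ct]);
  return {
    clear: clear.toString(),            // readable by the server (search, auto-complete)
    clearSig: sign(clear),              // but signed, so edits are detectable
    sealed: sealed.toString("base64"),  // detail fields: opaque to the server
    sealedSig: sign(sealed),
  };
}

// Client-side check after download: verify both signatures, then decrypt details.
function openContact(rec) {
  const sealed = Buffer.from(rec.sealed, "base64");
  if (!verify(Buffer.from(rec.clear), rec.clearSig)) return { ok: false, failed: "clear" };
  if (!verify(sealed, rec.sealedSig)) return { ok: false, failed: "sealed" };
  const d = crypto.createDecipheriv("aes-256-gcm", detailKey, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  const pt = Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
  return { ok: true, ...JSON.parse(rec.clear), details: JSON.parse(pt.toString()) };
}

// Server-side search can only match the part the server can read.
const serverSearch = (records, term) =>
  records.filter((r) => r.clear.toLowerCase().includes(term.toLowerCase()));

// Constructed sample contact.
const sample = storeContact({
  name: "Alice Example", emails: ["alice@example.org"],
  details: { phone: "+1-555-0100", note: "met at conference" },
});
```

Changing the email address inside `sample.clear` without the signing key makes `openContact` report `failed: "clear"`, and `serverSearch` finds the contact by name or email but never by phone number or note.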
You can import contacts into ProtonMail by uploading a vCard (VCF) or CSV file. Please see our support article on Adding and importing contacts for more details.
You can export all your contacts, or you can export individual contacts. To export all your contacts, open the Proton Contacts web app and go to Settings → Proton Contacts → Import & Export → Export contacts.
Your contacts will then be decrypted in the browser. Once this is done, you can Save them to your default download folder as a VCF file.
To export individual contacts, open the Proton Contacts web app, find the contact you wish to export, and click the Export icon on the top right of the contacts details. The contact will be saved to your default download folder as a VCF file.
Merging duplicate contacts
At this time, ProtonMail does not support duplicate detection, although duplicates are easy to find since contacts are automatically sorted by Display Name in alphabetical order.
Once duplicate contacts have been identified, you can merge them. Simply select all the contacts you would like to merge and click the Merge button above the Contacts list.
Please see How to merge duplicate contacts for more information on this subject.
What to do if you are unable to decrypt your contact details
The private key is encrypted using your password. If you reset your password, you will also change your private key. This will irreversibly prevent you from using your password to decrypt your contacts, so please remember:
Changing your password will result in your contacts being permanently encrypted with no way to decrypt them.
We therefore recommend periodically exporting your contacts so you have a backup if you ever lose your password. This backup file can then be imported again, as described in Adding and importing contacts.