All messages in ProtonMail are labeled with a lock icon that tells you their encryption status. In this article, we explain what they mean.
A lock icon is shown next to every email in your inbox and custom folders.
The encryption status of sent and received emails shows you how the message was encrypted when it was sent and can’t be changed.
Lock icons are also shown in the Composer window and may change depending on how the email is sent. For example, if you set a password for your message using our Encrypt for non-ProtonMail recipients feature, the lock will change from Black (or Green (open) if a PGP signature is attached) to Blue.
What the lock icons mean
The main indicator of a message’s encryption status is the color of the padlock icon. Additional information is provided by a small symbol inside the lock. Please note that encryption only applies to message contents and attachments. Message headers and metadata are not encrypted so that ProtonMail can be interoperable with PGP.
A black lock means that a message is stored with zero-access encryption. This means nobody other than you can read this email in your mailbox. Not even ProtonMail can decrypt this message. However, a copy of this email may be stored insecurely on the sender or recipient’s email server.
You will see a blue lock on emails sent between ProtonMail email addresses. These messages are stored with zero-access encryption, but they also feature automatic end-to-end encryption (E2EE) for an extra layer of security.
This means the messages have been encrypted by the sender on their device and can only be decrypted by the intended recipient on their device. No one else, including ProtonMail, can access E2EE messages.
|Plain — End-to-end encrypted message|
|Checkmark — End-to-end encrypted message with verified recipient/sender. This lock is used for the contacts for whom you enabled the optional Address Verification feature. Address verification and end-to-end encryption allow for a much higher level of security than just E2EE alone.|
|Warning — This lock can appear if you enabled the optional Address Verification feature. It means the message could not be verified using the sender’s trusted key. If you see this warning, you may wish to contact the sender to confirm the authenticity of the message.
It can also mean that the contact’s key or signature is insecure. In this case, please ask them to update their key or software. To find out more specific information about the problem, hover your mouse pointer over the lock icon to see a tooltip.
Reasons for a warning lock include:
- The use of an insecure key (for example, an RSA-1024 key or a key authenticated using SHA1)
- The sender changed their key and signed the email with a new key that you haven’t trusted yet
- You reset your password, and the contact signature (containing the trusted key) couldn’t be verified
Green lock (closed)
ProtonMail is interoperable with PGP, allowing you to send and receive E2EE emails with people who don’t use ProtonMail. Messages to people who have correctly set up PGP will be end-to-end encrypted and show a closed green lock. This includes people using WKD keys.
Green lock (open)
An open green padlock shows that a message is not end-to-end encrypted using PGP, but has been digitally signed with a PGP signature. These emails, like all emails, are stored on our servers using zero-access encryption.