Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Using complex algorithms, a message is transformed into an illegible string of characters. The only way to transform the message back into its original format is by using a unique encryption key.
End-to-end encryption for ProtonMail users
ProtonMail uses asymmetric encryption to encrypt and decrypt messages you send and receive. Asymmetric encryption, also known as public-key cryptography, secures messages using a keypair consisting of a public key and a private key.
Emails are encrypted using the recipient’s public key, and can only be decrypted by the intended recipient using their matching private key. This provides end-to-end encryption (E2EE), meaning that only you and the intended recipient can read emails sent in this way.
All email messages you send to other ProtonMail users are encrypted like this. When a ProtonMail user sends a message to another ProtonMail user, the message is automatically encrypted with the recipient’s public key. When the recipient opens the email inside their mailbox, it is seamlessly decrypted in the background using their private key.
The blue lock icon indicates that the message is end-to-end encrypted.
If the correct private key needed to decrypt the message is not present, you will see a Decryption error. This happens when you have reset your password.
If you find or remember your old password after a password reset, you can reactivate your old encryption keys to restore messages in your mailbox.
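The keypair behaviour described above, as an added example that is not ProtonMail's own code. It uses Node's built-in crypto module with RSA-OAEP and AES-256-GCM standing in for OpenPGP, and it assumes a password reset leaves the account with a new keypair; all function names are hypothetical.

```javascript
// Added example: hybrid public-key encryption with Node's built-in crypto.
// RSA-OAEP + AES-256-GCM stand in for OpenPGP; all names are hypothetical.
const crypto = require('node:crypto');

function newKeypair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side: only the recipient's public key is needed.
function encryptFor(recipientPublicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);   // one-time key for this message
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // The session key is wrapped so that only the private key can recover it.
  const wrappedKey = crypto.publicEncrypt(
    { key: recipientPublicKey, oaepHash: 'sha256' }, sessionKey);
  return { wrappedKey, iv, body, tag: cipher.getAuthTag() };
}

// Recipient side: fails unless the matching private key is present.
function decryptWith(privateKey, msg) {
  try {
    const sessionKey = crypto.privateDecrypt(
      { key: privateKey, oaepHash: 'sha256' }, msg.wrappedKey);
    const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
    decipher.setAuthTag(msg.tag);
    const text = Buffer.concat([decipher.update(msg.body), decipher.final()]);
    return { ok: true, text: text.toString('utf8') };
  } catch (err) {
    return { ok: false, error: 'Decryption error' };
  }
}

function demo() {
  const oldKeys = newKeypair();      // keypair in use when the mail arrived
  const mail = encryptFor(oldKeys.publicKey, 'Constructed sample message');
  const afterReset = newKeypair();   // assumption: a reset yields a new keypair
  return {
    withNewKey: decryptWith(afterReset.privateKey, mail),  // key mismatch
    withOldKey: decryptWith(oldKeys.privateKey, mail),     // old key reactivated
  };
}
```

Calling demo() shows the stored message failing to decrypt with the new keypair and opening again once the old private key is available.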
Emails sent to non-ProtonMail users
It is also possible to send end-to-end encrypted email messages to non-ProtonMail users. If using PGP, emails are secured in the way described above. It is also possible to send non-users E2EE emails using our Encrypt for non-ProtonMail users feature. This secures email messages with a password.