An Introduction to using PGP with ProtonMail
I have a free ProtonMail account and until recently I had never played around with it much, mainly because I had originally thought there were some PGP limitations on free accounts.
That is not the case. Here is a simple explanation of how you and a non-ProtonMail user can correspond with each other over PGP. Just a warning: this is a really basic explanation. Using PGP is not a panacea for privacy. There are other factors to worry about, such as using a VPN before logging into an email service, email metadata, and even PGP metadata. (Ever had lots of contacts sign your PGP key? Those signatures are public and show who you know.) ;)
Now that that is out of the way, I am going to demonstrate this with a Gmail account using the Mailvelope extension. The assumption is that you already have an encryption key pair generated.
When composing a new message I click the Mailvelope icon on the right of the compose window. The icon looks like this:
This opens a separate composer. The reason for this is that your unencrypted text does not end up in your Drafts folder if your mailbox is ever compromised. For this email I am sending the body unencrypted, attaching my public key and signing the message, so when I am done I will click the sign-only option.
At this point I type in my private key password (the passphrase that unlocks the signing key).
So my email is almost ready to send. As I said, I need to attach my public key to the message before sending, so in the Google compose window I attach the exported public key file (typically an ASCII-armored .asc file).
After I am done I send out the message. Notice below that my public key is attached to the compose message.
At this point I log into my ProtonMail mailbox and the email has arrived. It looks like below.
I am going to click Trust Key. Before doing so I can verify the key. If possible, meet in person to compare the key's fingerprint, or use an out-of-band channel such as Signal to confirm that you did indeed receive the right key from your contact and not one substituted in transit.
You may notice from the above screenshot that the message is signed with EdDSA (Edwards-curve Digital Signature Algorithm). My encryption subkey is ECDH on Curve25519. I am pointing this out because ProtonMail supports more than just RSA keys. At this point I am going to trust the key. We definitely want to use it to encrypt future correspondence with this email address.
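To make "verifying the key" concrete, here is an added example (not code from the post, from ProtonMail or from Mailvelope): the fingerprint your client displays is a SHA-1 over the public key packet, so two people comparing fingerprints over Signal or in person are comparing the exact key bytes. The script parses an ASCII-armored public key block like the .asc attached above, checks the CRC-24 trailer so a corrupted or altered attachment is rejected, and returns the algorithm and fingerprint of the primary key and each subkey. The key at the bottom is constructed from arbitrary bytes purely for the example (an EdDSA primary with an ECDH/Curve25519 subkey, matching the key types mentioned above) and is not a real key; a real export also carries user ID and self-signature packets, which this parser skips rather than validates.

```python
# Added example (not ProtonMail/Mailvelope code): parse an ASCII-armored OpenPGP
# public key block, verify its CRC-24 and compute the v4 fingerprint of each
# key/subkey packet (RFC 4880).  The demo key at the bottom is constructed.
import base64
import hashlib
import struct

ALGO_NAMES = {1: "RSA", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}  # RFC 4880/6637 IDs
OID_ED25519 = bytes.fromhex("2b06010401da470f01")
OID_CV25519 = bytes.fromhex("2b060104019755010501")

def crc24(data: bytes) -> int:
    """Armor checksum, RFC 4880 sec. 6.1."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    """Wrap raw packets in a PGP PUBLIC KEY BLOCK with a CRC-24 trailer."""
    body = base64.b64encode(data).decode()
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", ""] + lines
                     + ["=" + crc, "-----END PGP PUBLIC KEY BLOCK-----"])

def dearmor(text: str) -> bytes:
    """Strip armor, skip header lines, decode base64 and verify the CRC-24."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored PGP block")
    body = lines[1:-1]
    if "" in body:                       # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    expected = None
    if body and body[-1].startswith("="):
        expected = int.from_bytes(base64.b64decode(body[-1][1:]), "big")
        body = body[:-1]
    data = base64.b64decode("".join(body))
    if expected is not None and crc24(data) != expected:
        raise ValueError("armor CRC-24 mismatch: block is corrupted or was altered")
    return data

def iter_packets(data: bytes):
    """Yield (tag, body) per packet; old- and new-format headers, no partial lengths."""
    pos = 0
    while pos < len(data):
        ctb, pos = data[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError("invalid packet header")
        if ctb & 0x40:                   # new-format header
            tag, first = ctb & 0x3F, data[pos]
            pos += 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                length, pos = struct.unpack(">I", data[pos:pos + 4])[0], pos + 4
            else:
                raise ValueError("partial body lengths not supported")
        else:                            # old-format header: 1, 2 or 4 length octets
            tag, n = (ctb >> 2) & 0x0F, 1 << (ctb & 0x03)
            if ctb & 0x03 == 3:
                raise ValueError("indeterminate length not supported")
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        yield tag, data[pos:pos + length]
        pos += length

def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the two-octet body length and the key packet body."""
    if body[0] != 4:
        raise ValueError("only v4 keys are supported")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def describe_key_block(armored: str) -> list:
    """(role, algorithm, fingerprint) per key/subkey; UID and signature packets skipped."""
    out = []
    for tag, body in iter_packets(dearmor(armored)):
        if tag in (6, 14):               # 6 = public key, 14 = public subkey
            algo = ALGO_NAMES.get(body[5], f"algo {body[5]}")
            out.append(("primary" if tag == 6 else "subkey", algo, v4_fingerprint(body)))
    return out

# Constructed demo key: EdDSA primary + ECDH/Curve25519 subkey, arbitrary point bytes.
def _key_packet(algo: int, oid: bytes, point: bytes, created: int = 1600000000) -> bytes:
    body = (b"\x04" + struct.pack(">I", created) + bytes([algo, len(oid)]) + oid
            + struct.pack(">H", 263) + b"\x40" + point)   # MPI: 0x40 || 32-byte point
    if algo == 18:                       # ECDH KDF params: len, reserved, SHA-256, AES-128
        body += b"\x03\x01\x08\x07"
    return body

def _packet(tag: int, body: bytes) -> bytes:
    """New-format header with a one-octet length (bodies here are < 192 octets)."""
    return bytes([0xC0 | tag, len(body)]) + body

DEMO_KEY = (_packet(6, _key_packet(22, OID_ED25519, hashlib.sha256(b"demo primary").digest()))
            + _packet(13, b"Demo User <demo@example.com>")
            + _packet(14, _key_packet(18, OID_CV25519, hashlib.sha256(b"demo subkey").digest())))
DEMO_ARMORED = armor(DEMO_KEY)

for role, algo, fpr in describe_key_block(DEMO_ARMORED):
    print(f"{role:8} {algo:6} {fpr}  key ID {fpr[-16:]}")
```

Run it against a real .asc export by passing the file contents to describe_key_block and compare the primary fingerprint with what your contact reads out over Signal or in person. Compare the whole 40-hex-digit fingerprint rather than a short key ID (the trailing 8 hex digits), which an attacker can generate a colliding key for in seconds.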
The contact is now listed in the address book, even though I am running the free version.
When composing a new email in ProtonMail to that contact, the message is flagged for PGP encryption, since your contact gave you their public key.
That covers the basics of PGP correspondence between ProtonMail and non-ProtonMail addresses.