With Pretty Good Privacy, or PGP for short, you can encrypt your email messages so that only the intended recipient, who holds the matching private key, can read them. ProtonMail is one of the few email services that supports this feature without additional software.
How does PGP work?
PGP works with public and private keys. To send an encrypted message to someone, you need to know their public key. By encrypting your outgoing message with their public key, you ensure that only they can decrypt it, using their private key. This end-to-end encryption makes it nearly impossible for anyone who intercepts the message to read it. As the name suggests, you should never reveal your private key to anyone else.
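To make the division of roles concrete, here is an added illustration in Python that is not ProtonMail's or OpenPGP's own code: textbook RSA with tiny, constructed primes (61, 53 and 101, 103). It shows that the sender encrypts with the recipient's public key and only the matching private key decrypts, while the sender's private key signs and anyone holding the sender's public key verifies. Real OpenPGP keys are thousands of bits long, use padding, and encrypt a symmetric session key rather than the message bytes directly; the key sizes and the one-byte-per-block scheme here are assumptions made only to keep the arithmetic visible.

```python
# Added illustration, not ProtonMail code: textbook RSA with constructed toy primes.
# Purpose: show which key does what. Never use numbers this small for real mail.
import hashlib
from math import gcd


def make_keypair(p, q, e=17):
    """Derive (public, private) from two primes. p and q are constructed toy values."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(recipient_public_key, message: bytes):
    """Sender encrypts with the RECIPIENT'S public key, one byte per block.
    (Unpadded RSA like this leaks equal bytes as equal blocks; real OpenPGP pads.)"""
    n, e = recipient_public_key
    return [pow(b, e, n) for b in message]


def decrypt(private_key, blocks):
    """Only the holder of the matching private key can reverse the encryption."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in blocks)


def _digest(message: bytes, n: int) -> int:
    # Hash the message and reduce into the key's range so it can be signed.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(sender_private_key, message: bytes) -> int:
    """Signing is the one operation that uses the SENDER'S private key."""
    n, d = sender_private_key
    return pow(_digest(message, n), d, n)


def verify(sender_public_key, message: bytes, signature: int) -> bool:
    """Anyone with the sender's public key can check the signature."""
    n, e = sender_public_key
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair(61, 53)          # constructed toy key
    bob_pub, bob_priv = make_keypair(101, 103, e=7)       # constructed toy key

    note = b"meet at noon"
    # Alice -> Bob: encrypt with Bob's public key, sign with Alice's private key.
    ciphertext = encrypt(bob_pub, note)
    signature = sign(alice_priv, note)
    # Bob: decrypt with his private key, verify with Alice's public key.
    print(decrypt(bob_priv, ciphertext))                   # b'meet at noon'
    print(verify(alice_pub, note, signature))              # True
    print(verify(alice_pub, note, (signature + 1) % alice_pub[0]))  # False
```

Note that the step this article calls "Attach public key" corresponds to handing out `bob_pub` above; the private half never leaves the owner's account.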
Using PGP in most email clients requires the use of additional software (such as FlowCrypt or Mailvelope) to handle the decryption and encryption process. But ProtonMail already supports OpenPGP natively, which means you can set it up for use with specific email addresses and then forget about it.
You can use PGP with a free ProtonMail account or a paid account.
Tip: If you are already sending an email to another ProtonMail user, don’t worry about this as messages sent between ProtonMail addresses are already end-to-end encrypted anyway. This is only necessary if you want to exchange encrypted messages with people who are not using ProtonMail.
Step 1: Share your public key
To set up secure email communication via PGP, you must first exchange keys with whoever you are communicating with.
If you haven’t already done so, sign up for a ProtonMail account and log in. Click the “Compose” button in the top left corner of the screen to write a new email. Enter the address of the recipient for whom you want to establish encrypted communication.
Then click on the “More” drop-down menu and make sure “Attach public key” is checked. You can now add a message to your email to notify the recipient that your public key is attached. You can automatically add your public key to all outgoing email under Settings > Security by enabling “Automatically attach public key” under PGP settings.
Step 2: Trust your contact’s public key
Next, you want the person you are communicating with to share their public key. How they do this ultimately depends on how they use PGP, but it will take the form of a small file attachment. When you receive this email, ProtonMail will notify you that a public key is attached and ask you to trust it.
Click on “Trust Key” and make sure “Use for Encryption” is checked in the popup that appears. This registers the public key next to the email address that sent it.
If the recipient sends you the public key in another way, you can click “Contacts” at the top of the page and create a new contact. Use the same email address from which the key was received and upload the key file. Again, make sure to select “Use for encryption” so that outgoing email to that address is encrypted with the key.
Tip: You can also manually upload a recipient’s public key with ProtonMail’s Contacts. See the ProtonMail documentation for more information.
Communicate securely now!
Now that the keys have been exchanged and your address book has been updated with the correct keys, you should be able to communicate securely with your contact. You must repeat this process for every other contact you want to use PGP with. This per-contact setup is likely why PGP remains a relatively obscure (but effective) encryption tool.
ProtonMail will automatically encrypt and decrypt messages if you have correctly set up PGP. You can tell that a message is encrypted via PGP when you see the green padlock icon in the “From” field (email from other ProtonMail users is indicated with a purple padlock).