How to use ProtonMail to send encrypted and secure emails

ProtonMail secure email service
ProtonMail

ProtonMail is a secure email service that prioritizes privacy and security. You can use the service to send encrypted messages that should only be read by the intended recipient. There are several ways to do this, depending on the email or security provider the recipient uses.

Option 1: Email another ProtonMail user

If you are sending a message to another ProtonMail user, your email will be automatically encrypted. The recipient will not need to do anything to decrypt the message and can simply click or tap the email to read it.

Every part of the process undergoes some form of encryption. The connection between your computer and the server is encrypted, the email content on the server is encrypted, and only the recipient has the correct key to be able to decrypt the message at the other end. Attachments are also insured.

Domains that use @ protonmail.com, @ protonmail.ch, and @ pm.me will use this high-level encryption. ProtonMail also allows you to use a private domain name with the service, so it is also possible to use internal encryption on non-ProtonMail domains.

Email encrypted internally by ProtonMail

You will know that an email is coming from a ProtonMail account (and therefore has been encrypted internally) when you see a purple lock in the “From” field next to your contact’s email address.

To communicate with someone securely, you may want to ask them to set up a ProtonMail account just for that purpose. They can even configure ProtonMail to send them a notification email every time they get a new secure message in ProtonMail. The content of the message remains private and they can log into ProtonMail to view it.

RELATED: What is ProtonMail and why is it more private than Gmail?

Option 2: configure PGP with non-ProtonMail users

PGP stands for “Pretty Good Privacy” and is an end-to-end encryption method compatible with email that uses both a public key and a private key. PGP allows you to send encrypted emails to people who don’t use ProtonMail, as long as they have PGP configured.

To send an email to a recipient using PGP, you will need to know their public key (and to receive an email encrypted with PGP, the recipient must know their public key).

Key exchange is an important part of this process. You can attach your public key to any outgoing email by clicking the “More” drop down button in the email compose interface and checking “Attach public key”.

Attach your PGP public key in ProtonMail

You can set this behavior as the default in Settings> Security by enabling “Automatically attach public key” in ProtonMail preferences.

Automatically attach public key to outgoing ProtonMail messages

The recipient must send their public key to receive their encrypted email, so they will have to communicate it. You can add a recipient’s public key to your ProtonMail account using a few different methods:

  • By clicking the “Trust Key” button that appears above an email containing a PGP public key and making sure to check the “Use for Encryption” box in the pop-up window that appears.
  • When adding a contact in the Contacts tab, then click on Advanced settings followed by “Upload password” and locate the file that your contact sent you. Make sure to select “Use for encryption” for outgoing mail.
Trust the Public Key (PGP) in ProtonMail
protonmail.com

With the keys exchanged and associated with the correct email addresses, you should be able to communicate securely, regardless of which email provider the recipient uses.

You will see a green padlock near the “From” field when an email has been encrypted with PGP. If your contact is also digitally signing messages, this green lock will have a check mark.

Email signed with PGP
ProtonMail

PGP is a powerful tool, but its configuration can be confusing. It’s certainly not for everyone, and signing up for a free ProtonMail account (which handles the key exchange for you, invisibly) might be an easier option. Or, instead of using PGP, which can be tricky, you can try the following method.

Option 3: send password-protected self-destructing emails to anyone

Besides offering internally encrypted mail and great support for PGP, ProtonMail has one more security to send secure mail. It’s a trick, but it works fine for your friends who insist on using Gmail, Outlook.com, or any other email service provider.

Is that how it works:

  1. Compose an email message as usual.
  2. The message is encrypted and locked with a password of your choice, and hit Send.
  3. The recipient receives a message telling them that there is an encrypted email waiting for them, along with a link.
  4. The recipient clicks the link, which points to a ProtonMail web page with a password field.
  5. The recipient decrypts the message and can read it in their web browser.
  6. The message expires 28 days later (or earlier) without the content being revealed to any server other than ProtonMail.

This method is much simpler than setting up PGP or convincing your friends to switch email providers, but it is probably not practical for frequent communication.

It’s also worth noting that the recipient could pass the link to anyone else (along with the password), compromising confidentiality. Never assume that a message will remain private just because you have used a service like ProtonMail. You also trust the person you are emailing to keep your communications private.

Encrypt for non-ProtonMail users

To use the feature, compose an email in ProtonMail, then click the “Encryption” padlock icon in the lower left corner of the window. Enter and confirm your password before adding a password hint, if desired. The hint is optional.

Secure email with password

Click “Set” to encrypt the message, then click the hourglass icon “Expiration Time” if you want the message to expire before 28 days.

Set email expiration date

You can then hit Send to send your email as usual. The recipient will not see any of your messages (apart from the password hint) in their inbox, although the message will appear to come directly from their ProtonMail account.

Encrypted ProtonMail Messaged for all email accounts

This method has its uses, but also its drawbacks. Some recipients may not trust your message, as clicking links in the email is not always the best idea. While regular emails can last forever, these messages expire after 28 days and are almost impossible to search for unless you know the subject.

Time to switch to ProtonMail?

ProtonMail is a well established secure email provider, but it is not the only one. Tutanota Y Posting They are two good alternatives, but there are many more.

If you’re coming from Gmail and wondering what you’re going to give up, take a look at our ProtonMail and Gmail comparison.

Leave a Reply