When you send an encrypted email with ProtonMail, your message is automatically protected with PGP encryption. What is PGP? This article explains the tech behind our security promise.

PGP stands for Pretty Good Privacy, but the name is an ironic understatement. In fact, PGP is the most widely used email encryption system in the world. When you send messages using PGP encryption, no one can intercept and read your message in transit. PGP has been thoroughly field tested over its decades of use, its few vulnerabilities are well understood, and it has broad compatibility with other encryption clients. For these reasons, we use PGP as the backbone of our security architecture.

This article is part of a series explaining some of the tech behind ProtonMail. We have already covered end-to-end encryption and zero-access encryption. Here we’ll take a look at what PGP is, how it works, and how you can use it to protect your communications.

What is PGP?

PGP is a cryptographic method that lets people communicate privately online. When you send a message using PGP, the message is converted into unreadable ciphertext on your device before it passes over the Internet. Only the recipient has the key to convert the text back into the readable message on their device. PGP also authenticates the identity of the sender and verifies that the message was not tampered with in transit.

Before PGP, your Internet provider, your email provider, hackers, or the government could theoretically read your messages. PGP was developed in the 1990s to allow email and other types of messages to be exchanged privately. Today, PGP has been standardized into OpenPGP, enabling anyone to write PGP software that is compatible and interoperable with other implementations. Several OpenPGP-compliant developer libraries have been created to help programmers implement PGP encryption in their applications. ProtonMail is the maintainer of two of these libraries: OpenPGP.js, for the JavaScript programming language (used in our web app), and GopenPGP, for the Go language (used in our mobile and desktop apps). OpenPGP.js, in particular, is one of the world’s most widely used OpenPGP libraries and has been thoroughly audited by security experts.

Historically, PGP has been difficult to use, requiring additional software applications on top of your email provider or client. You also have to manually generate encryption keys and exchange them with your contacts. With ProtonMail, PGP is built in and runs automatically and invisibly to the user. When you compose an email to another ProtonMail user and click send, the message encryption and signature are applied automatically. You don’t have to do anything or need any specialized technical knowledge. ProtonMail makes PGP encryption easy, convenient, and accessible to everyone.

How does PGP work?

PGP uses a combination of symmetric key encryption (i.e., a single-use session key encrypts and decrypts the message) and public key encryption (i.e., the keys unique to the recipient encrypt and decrypt the session key).



For this article, we’ll stick with the high-level concepts. If you’re interested in the mathematics behind encryption, you can find (somewhat simplified) explainers that digest those topics.

PGP encryption

The first thing PGP does is generate a random session key. This key is an enormous number that is used to encrypt and decrypt the contents of the message. Only someone who knows the session key can read the message, and it is much too large to guess. The session key is also never used again for other messages.

Next, the session key is encrypted using the recipient’s public key. The public key is unique to each person and meant to be shared. Since it doesn’t change, your public key is like an email address. It is tied to you, and anyone can use it to send you an encrypted message.

Each person’s public key corresponds to their private key, which is secret. In PGP, when the recipient receives an encrypted message, they decrypt the session key using their private key. The plaintext session key then decrypts the message.

You might wonder why PGP takes the extra step of encrypting the message and the session key. This is because public-key cryptography is much slower than symmetric cryptography, especially for large messages. It would take too much time and computing power to encrypt and decrypt large emails or files directly using the public key. But symmetric cryptography without public-key cryptography is less convenient because you would need to somehow share the session key with the recipient. To do so in plaintext would not be secure, and to do so via another encrypted channel or in person would be impractical. Therefore, PGP combines the efficiency of symmetric encryption and the convenience of public key encryption.

Digital signatures

There are two other aspects of PGP to note. The first is the digital signature. A digital signature proves to the recipient that an attacker has not tampered with the message or impersonated the sender. It does this by creating a unique number (the digital signature) using a combination of the sender’s private key and a mathematical reduction (known as a message digest) of the plaintext message. If either the private key or the message is altered, the digital signature is invalid.
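The flow described under "PGP encryption" and "Digital signatures", as an added example using Node's built-in crypto module (not ProtonMail or OpenPGP.js code, and not the OpenPGP message format). AES-256-GCM and RSA-OAEP are stand-ins chosen here for the symmetric and public-key steps; the function names and the alice and bob key pairs are hypothetical.

```javascript
// Added illustration (not ProtonMail or OpenPGP.js code, not OpenPGP wire format).
const crypto = require('node:crypto');

// Constructed RSA key pair for a hypothetical sender or recipient.
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

function encryptAndSign(text, recipientPublicKey, senderPrivateKey) {
  // Sign a SHA-256 digest of the plaintext with the sender's private key.
  const sig = crypto.sign('sha256', Buffer.from(text, 'utf8'), senderPrivateKey);
  const payload = JSON.stringify({ text, sig: sig.toString('base64') });
  // Fresh random session key and nonce, used for this message only.
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  // Symmetric step: the session key encrypts the signed message.
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  // Public-key step: only the small session key is encrypted to the recipient.
  const wrappedKey = crypto.publicEncrypt(
    { key: recipientPublicKey, oaepHash: 'sha256' }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

function decryptAndVerify(msg, recipientPrivateKey, senderPublicKey) {
  // The recipient's private key recovers the session key (throws for a wrong key).
  const sessionKey = crypto.privateDecrypt(
    { key: recipientPrivateKey, oaepHash: 'sha256' }, msg.wrappedKey);
  // The session key decrypts the message; final() throws if it was altered.
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const payload = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  const { text, sig } = JSON.parse(payload.toString('utf8'));
  // The sender's public key checks the signature over the recovered plaintext.
  const signatureValid = crypto.verify(
    'sha256', Buffer.from(text, 'utf8'), senderPublicKey, Buffer.from(sig, 'base64'));
  return { text, signatureValid };
}

// Constructed demo: Alice sends Bob one message.
const alice = newKeyPair();
const bob = newKeyPair();
const sent = encryptAndSign('Meet at noon', bob.publicKey, alice.privateKey);
console.log(decryptAndVerify(sent, bob.privateKey, alice.publicKey));
```

Checking the signature against a different public key returns signatureValid: false, while a wrong private key or a modified ciphertext makes decryptAndVerify throw.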

Trusting the public keys

Digital signatures help mitigate sophisticated attacks, but how can a sender know that the public key they’re using belongs to the person they think it does? After all, the server could easily give a bogus public key to the sender.

To solve this problem, we introduced Address Verification, which allows you to share your public key and digitally sign the public keys of others that you have personally verified. These trusted public keys are then securely stored in your encrypted contacts.

Additionally, we’re working on a project called Key Transparency. It will automatically verify the public key of each recipient you send email to, without requiring any manual action. We’ll publish a blog post with more details about this feature once it’s ready.

How secure is PGP?

PGP is a battle-tested standard, and we can be virtually certain that even intelligence agencies like the NSA cannot break its encryption. (PGP was the encryption method of choice for Edward Snowden when he leaked classified documents to Glenn Greenwald.) While there have been security bugs with certain implementations of PGP, such as the infamous Efail vulnerability, PGP itself is very secure. ProtonMail has not been affected by any known vulnerabilities.

Like most other information security systems, the biggest weakness is the user. Often the simplest and most effective attacks are the least high-tech, as this comic illustrates. Phishing remains the most common kind of cyberattack, and PGP cannot protect you if your device or accounts are compromised. (Check out these email safety tips.)

How to use PGP encryption

As far as security goes, PGP doesn’t make things any easier on the user because the program is notoriously complicated. Most people who aren’t tech savvy would never bother to learn how to use it. And people who do know how to use it often don’t because it’s too tedious. While there are programs for Thunderbird, Outlook, and Apple Mail that enable PGP encryption, these are not practical solutions for everyday emails.

ProtonMail solves this problem by making PGP encryption automatic and built-in for all emails sent between ProtonMail accounts. You can also easily encrypt emails to non-ProtonMail users. Anyone can create a free ProtonMail account in a minute or two and immediately start sending PGP emails. ProtonMail can also offer a high level of privacy because we don’t require any identifying information to create an account.

ProtonMail also offers full PGP support, allowing advanced users to send and receive PGP-encrypted emails from non-ProtonMail users right in their mailbox. For traditional PGP users, this is by far the simplest way to communicate with other PGP users while still having the convenience of ProtonMail. Follow the link to learn how to use ProtonMail as your PGP client.

Final thoughts

As supercomputers get faster and new encryption standards gain popularity, ProtonMail will continue to adapt to new cyber threats and the needs of our users. Our cryptographers are working hard on new projects, like Key Transparency and Source Code Transparency. We also recently upgraded our users to elliptic curve cryptography, which maximizes security and efficiency. With the support of our community, we’re building a safer Internet upon its time-tested foundations.

Best Regards,

The ProtonMail Team


Article updated Aug. 27, 2019

