Protonmail is great. I’ve been using the service for a few years and am quite satisfied with its usability and security. Protonmail encrypts my email at rest, so the mail server administrator can’t read my mail, and it encrypts email sent to any other Protonmail user.
However, by default Protonmail does not encrypt email you send to other email services, nor does it decrypt encrypted email arriving from outside.
I discovered today that it’s not difficult to set up Protonmail to work like Thunderbird with Enigmail: PGP encryption across the board, for true end-to-end encryption to anyone, regardless of which email provider they use. For this discussion, I’ll assume you’re familiar with PGP encryption of email and with what public and private keys are. If not, read this.
You can send your Protonmail public key to anyone using a drop-down menu when composing an email message. Open the drop-down menu and make sure the “Attach Public Key” option is activated. Then click Send and your public key will be attached.
You can also set Protonmail to always send your public key. Go to Settings, then Security, and scroll down to External PGP Settings. Enable ‘Sign external messages’ so recipients can detect tampering with your emails. Enable ‘Automatically attach public key’ to send your public key every time you send a message from Protonmail.
Now external email users can send you encrypted emails and Protonmail will automatically decrypt them.
When someone sends you their public key, Protonmail should recognize an attached key and ask if you want to trust it. Click Trust Key to add the key to your account.
Protonmail will display the fingerprint of the key and ask if you want to always use the key to encrypt email to this address. Switch ‘Use for encryption’ on. Now when you send emails to this user, they stay encrypted even after leaving Protonmail’s system. The knowledge base article on PGP details how you can import keys into Protonmail.
The lock icon next to the From address shows you the encryption status: gray for plain emails, green for encrypted emails.
Now your emails are secure to and from non-Protonmail email users. Once you set it up, it works in the Android and Apple iOS apps as well.
Learn more at Protonmail’s help page on PGP — https://protonmail.com/support/knowledge-base/how-to-use-pgp/
WARNING – Check your Protonmail key size. You should be using 4096-bit PGP keys. Read my post about upgrading your key size before sharing your key with everyone.
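Two things the steps above rely on are the key fingerprint Protonmail shows you when you trust a key and the size of the key you are about to share. Both are readable straight out of the OpenPGP Public-Key packet (RFC 4880): the v4 fingerprint is SHA-1 over `0x99`, the two-byte body length and the packet body, and an RSA key’s size is the bit length of its modulus. The following is an added example, not Protonmail’s code, that builds two constructed v4 RSA key packets (the moduli are made-up numbers, not real keys), parses them back, prints the fingerprint in the four-character groups mail clients use, and flags anything under 4096 bits. It works on the binary packet; decoding the ASCII armor of an exported key is left out.

```python
import hashlib
import struct

# OpenPGP (RFC 4880) constants used below.
PUBKEY_TAG = 6          # packet tag 6: Public-Key packet
ALGO_RSA = 1            # public-key algorithm 1: RSA (Encrypt or Sign)
ALGO_NAMES = {1: "RSA", 17: "DSA", 18: "ECDH", 19: "ECDSA", 22: "EdDSA"}


def encode_mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def build_rsa_pubkey_packet(n: int, e: int, created: int) -> bytes:
    """Build a v4 RSA Public-Key packet with an old-format header and 2-byte length.

    Constructed test data only: n here is not a real RSA modulus.
    """
    body = (b"\x04" + struct.pack(">I", created) + bytes([ALGO_RSA])
            + encode_mpi(n) + encode_mpi(e))
    # Old-format CTB: bit 7 set, tag in bits 5..2, length-type 1 (two-byte length) -> 0x99.
    ctb = 0x80 | (PUBKEY_TAG << 2) | 0x01
    return bytes([ctb]) + struct.pack(">H", len(body)) + body


def read_mpi(data: bytes, offset: int):
    """Read one MPI at offset; return (value, offset just past it)."""
    bits = struct.unpack_from(">H", data, offset)[0]
    nbytes = (bits + 7) // 8
    value = int.from_bytes(data[offset + 2: offset + 2 + nbytes], "big")
    return value, offset + 2 + nbytes


def parse_pubkey_packet(packet: bytes) -> dict:
    """Parse a v4 RSA Public-Key packet and compute its fingerprint and key size."""
    ctb = packet[0]
    if not ctb & 0x80 or ctb & 0x40:
        raise ValueError("expected an old-format packet header")
    tag = (ctb >> 2) & 0x0F
    if tag != PUBKEY_TAG:
        raise ValueError(f"not a Public-Key packet (tag {tag})")
    length_type = ctb & 0x03
    if length_type == 0:
        body_len, offset = packet[1], 2
    elif length_type == 1:
        body_len, offset = struct.unpack_from(">H", packet, 1)[0], 3
    elif length_type == 2:
        body_len, offset = struct.unpack_from(">I", packet, 1)[0], 5
    else:
        raise ValueError("indeterminate length is not allowed for key packets")
    body = packet[offset: offset + body_len]
    if len(body) != body_len or body[0] != 4:
        raise ValueError("truncated packet or unsupported key version")

    created = struct.unpack_from(">I", body, 1)[0]
    algo = body[5]
    if algo != ALGO_RSA:
        raise ValueError(f"this example only sizes RSA keys, got algorithm {algo}")
    n, pos = read_mpi(body, 6)
    e, pos = read_mpi(body, pos)
    if pos != len(body):
        raise ValueError("trailing bytes after RSA key material")

    # RFC 4880 12.2: v4 fingerprint = SHA-1(0x99 || 2-byte body length || body).
    digest = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    return {
        "algorithm": algo,
        "algorithm_name": ALGO_NAMES.get(algo, "unknown"),
        "created": created,
        "key_bits": n.bit_length(),   # RSA key size is the modulus length
        "public_exponent": e,
        "fingerprint": digest,
        "key_id": digest[-16:],       # long key ID = low 64 bits of the fingerprint
    }


def format_fingerprint(fingerprint: str) -> str:
    """Group the 40 hex digits in fours, the way mail clients display them."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, len(fingerprint), 4))


def key_meets_minimum(info: dict, minimum_bits: int = 4096) -> bool:
    """True when an RSA key is at least minimum_bits long."""
    return info["algorithm"] == ALGO_RSA and info["key_bits"] >= minimum_bits


# Constructed sample packets (not real keys): a 4096-bit and a 2048-bit "modulus".
STRONG_KEY_PACKET = build_rsa_pubkey_packet((1 << 4095) | 0xC0FFEE01, 65537, 1_500_000_000)
WEAK_KEY_PACKET = build_rsa_pubkey_packet((1 << 2047) | 0xC0FFEE01, 65537, 1_500_000_000)

if __name__ == "__main__":
    for label, pkt in (("strong", STRONG_KEY_PACKET), ("weak", WEAK_KEY_PACKET)):
        info = parse_pubkey_packet(pkt)
        print(label, info["algorithm_name"], info["key_bits"], "bits",
              format_fingerprint(info["fingerprint"]),
              "OK" if key_meets_minimum(info) else "below 4096 bits")
```

Comparing the fingerprint you compute with the one in the Trust Key dialog, over a channel other than the email that carried the key, is what makes the trust decision meaningful; the key size check is the same comparison Protonmail’s key settings page lets you make by eye.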