ProtonMail introduces pgp support and address verification

ProtonMail has announced support for pgp, along with a feature it refers to as address verification. The changes should allow users to use the service as a replacement for their current pgp client.

ProtonMail writes that although its own encryption is based on pgp, until now there was no full support for it within its service. That has changed with the release of version 3.14 of its webmail and version 1.9 of its mobile clients. For example, PGP allows users to send encrypted emails to recipients who do not use ProtonMail. For that, they need to import the public key. It is also possible to receive pgp emails from any pgp user by exporting and sharing their own public key. To facilitate this, ProtonMail has also created its own key server.

A second new feature is address verification. The organization sees this as an additional security measure to prevent an attacker from replacing a contact’s public key with a malicious key, allowing him to decipher intercepted communications. ProtonMail mentions the scenario that it was taken over by an attacker. The feature works by allowing users to mark their contacts’ public key as “trusted” and then store it in the encrypted contact list. That should protect the key from being modified.

ProtonMail is a service that has been offering encrypted email since 2014. Pgp stands for Pretty Good Privacy and is a method of encrypting content based on a secret private key and a public key.