In the latest update of ProtonMail, users can now take advantage of the
full (Pretty Good Privacy) PGP support and address verification tools, for added security. In order to allow others to more easily find your public encryption key to send you a secure message, the email service has also launched its own public key server. Bringing PGP support to the service is important because it now allows users to securely email non-ProtonMail users.
With address verification, users are more protected against (Man-in-the-Middle) MITM attacks. In the past, it was possible for an attacker to intercept communications if ProtonMail was ever compromised. From there, they could engage in communications with others using a fake public encryption key, which the attacker had the private key to, allowing them to read the messages. With address verification, users can opt to trust the public keys used in the emails they receive if they know it’s a legitimate email.
The saved public key is then assigned to the contact in the encrypted contact feature that was introduced in ProtonMail previously. If an attacker decides to send you an email under someone else’s name, you’ll now be able to verify the sender with address verification. ProtonMail describes this as an advanced feature and most casual users don’t need to worry about it.
The other new feature, and probably the most notable, is PGP encryption which means that ProtonMail users can finally send encrypted communications to non-ProtonMail contacts. To accompany this feature, the email service has also launched its own public key server so non-ProtonMail users can find your public key details, allowing them to send you an encrypted message.
