ProtonMail announced two new security related features and improvements yesterday available to all users of the secure email provider.
Address Verification is a new security feature that leverages ProtonMail's Encrypted Contacts feature. Encrypted Contacts allows you to trust public keys of contacts so that the contacts data is encrypted and digitally signed.
ProtonMail states that no one can tamper with the data once it has been trusted; this eliminates the risk associated with a compromise of the ProtonMail service and the sending of fake public encryption keys to read confidential messages.
The default state on ProtonMail is that the service distributes cryptographic keys needed for communication; this was done to make the process as straightforward as possible.
When ProtonMail users use the new security feature, use of specific keys can be enforced which the ProtonMail server or anyone else cannot change or tamper with.
To configure trusted keys for a particular user on ProtonMail do the following:
Trusted senders have a special icon attached to their email address to indicate the enhanced security status.
ProtonMail users can check out this help article on the ProtonMail website for additional information.
The second new feature that ProtonMail launched improves PGP Support. The cryptography that ProtonMail uses is based on PGP.
The two new additions to PGP support are:
ProtonMail launched a new public key server that should make key discovery even easier. For ProtonMail customers, the process is automatic and Address Verification can be used to make it more secure. For non-ProtonMail users, it is now possible to grab the public key of ProtonMail users if they could not retrieve it through other means.
The address of the public key server is hkps://api.protonmail.ch. Note that it cannot be accessed through the browser. Public keys can be downloaded directly by using https://api.protonmail.ch/pks/lookup?op=get&[email protected]
Now You: Do you encrypt your email?Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.