5

I've been trying to grasp how Protonmail could work.

From what it gather, it works like this:

When you signup, you create an account password and a mailbox password. A PGP private/public key pair is made using the mailbox password.

When you log in, you enter the account password to verify your identify, then your encrypted mail and the encrypted private key is sent to the client. The user then enters their mailbox password, which decrypts the private key, which is then used to decrypt the mail.

When mail is sent from a Protonmail account to a Protonmail account, it fetches the associated public key for that user and encrypts it with that.

Now what I don't understand is how external email accounts are treated. If, for example, my bank sends me an email, it's going to be sent in plain text, which defeats the purpose of the elaborate PGP'ing. There's no point of encrypting it when it reaches the servers, as it probably already has been intercepted in transit. This wouldn't be a problem if it was encrypted, but it isn't.

Could someone explain this to me?

techraf
  • 9,141
  • 11
  • 44
  • 62
anonkun
  • 51
  • 2

1 Answers1

3

This is explained on their security details page:

Securely communicate with other email providers.

Even your communication with non-ProtonMail users can be secure.

We support sending encrypted communication to non-ProtonMail users via symmetric encryption. When you send an encrypted message to a non-ProtonMail user, they receive a link which loads the encrypted message onto their browser which they can decrypt using a decryption passphrase that you have shared with them. You can also send unencrypted messages to Gmail, Yahoo, Outlook and others, just like regular email.

When you send an encrypted mail to some other mail provider, they don't receive your message. They just receive a link where they can read the message. To do this they need a password which you need to send them through some other channel.

This, of course, doesn't work the other way around. The protocol used by ProtonMail is non-standard which means that no other email service supports it. However, when both mailservers support the STARTTLS SMTP extension, they can exchange mail via TLS-encrypted SMTP. This doesn't prevent the mailservers from learning the content of the messages, but leaves any eavesdroppers between them out of the loop. So when you assume that:

  1. The sender uses SMTP with STARTTLS to communicate with their mailserver
  2. The senders mailserver is trustworthy
  3. The senders mailserver supports STARTTLS and is configured to use it for outgoing connections
  4. ProtonMail supports STARTTLS (apparently they do)
  5. ProtonMail is trustworthy (immediately encrypts any non-encrypted emails you receive with your public key and then securely deletes the original)

then your email is secure. Unfortunately the points 1, 2 and 3 are outside of your control.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • Support for STARTTLS is not sufficient, as lots of MTA support STARTTLS to forward the mail to the recipients MTA, but neither enforce the use of STARTTLS nor verify the peers certificate properly. Thus man-in-the-middle attacks to downgrade the connection to plain SMTP are usually possible as do attacks with a fake certificate. – Steffen Ullrich Nov 02 '14 at 20:33
  • I'm asking as I plan to setup my own private mail service similar to Protonmails. So, even if another person sends plaintext unencrypted emails, but they do it via SMTP and STARTTLS and verify the peers certificate, it should be relatively secure? – anonkun Nov 02 '14 at 23:29
  • @anonkun It should be relatively secure under the condition that 1. the other mailserver doesn't reveal the content of the mails and 2. you don't keep an unencrypted copy around. – Philipp Nov 02 '14 at 23:55