I am Jason, one of the ProtonMail developers.

Decryption uses a combination of asymmetric (RSA) and symmetric (AES) encryption.

For PM to PM emails, we use an implementation of PGP where we handle the key exchange. As for the private keys, when you create an account, it is generated on your browser, then encrypted with your mailbox password (which we do not have access to). Then the encrypted private key is pushed to the server so we can push it back to you whenever you login. So do we store your private key, yes, but since it is the encrypted private key, we don't actually have access to your key.

For PM to Outside emails, encryption is optional. If you select to encrypt, we use symmetric encryption with a password that you set for that message. You need to somehow communicate this password to the recipient.

We have a couple other tricks as well for getting around the horrible performance of RSA. We will eventually write a whitepaper with full details that anybody can understand. But something like that is a week long project in itself.

I apologize in advance if my answer only makes sense to crypto people.

I have substantially altered this answer after the answer from Jason and an email conversation. The original is still available in the edit history.

There are two different cases here: ProtonMail-to-ProtonMail and ProtonMail-to-Other mails.

For PM-to-PM emails, the system is in a position to handle public-key/private-key distribution. Since they wrote the code that generates the private keys and sends the public keys to the server and they know the recipient of the email before encrypting, they can encrypt with the recipient's public key and the recipient can decrypt with their private key. This can be transparent to the users of the system. They don't mention signing emails with your private key but this should also be equally possible and transparent.

PM-to-Other emails do not use asymmetric encryption. When creating an email to a recipient who is not using ProtonMail, you generate a new password that is used to derive a symmetric key that is used to encrypt the message.
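The private-key handling described in the answers above (generate the key pair on the client, encrypt the private key under the mailbox password, store only the encrypted blob on the server) can be sketched as follows. This is an added example, not ProtonMail's code: the scrypt KDF, AES-256-GCM, the 2048-bit key size and the function names `createAccount` and `unlockPrivateKey` are all assumptions made for illustration, and it runs under Node.js rather than in a browser.

```javascript
// Added illustration, not ProtonMail's code. KDF, cipher, key size and names are assumptions.
const crypto = require('node:crypto');

// Derive a 256-bit wrapping key from the mailbox password (scrypt, Node's default cost).
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Client side at signup: generate the key pair, wrap the private key before upload.
function createAccount(mailboxPassword) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(mailboxPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(privateKey, 'utf8'), cipher.final()]);
  // This record is all the server stores: no password, no plaintext private key.
  return { publicKey, salt, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Client side at login: the server sends the record back and the client unwraps it.
function unlockPrivateKey(record, mailboxPassword) {
  const key = deriveKey(mailboxPassword, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch {
    return null; // wrong password: the GCM authentication tag does not verify
  }
}

// Round trip with constructed sample values.
function demo() {
  const record = createAccount('constructed mailbox password');
  const sealed = crypto.publicEncrypt(record.publicKey, Buffer.from('hello'));
  const pem = unlockPrivateKey(record, 'constructed mailbox password');
  return {
    plaintext: crypto.privateDecrypt(pem, sealed).toString('utf8'),
    wrongPassword: unlockPrivateKey(record, 'constructed wrong guess'),
    storedHasPem: record.ciphertext.includes('PRIVATE KEY'),
  };
}
```

The stored record contains everything needed to test password guesses offline, so the protection of the wrapped key is bounded by the strength of the mailbox password and the cost of the KDF.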