ProtonMail 101: How to Send End-to-End Encrypted Emails to Non-ProtonMail Recipients

Sep 6, 2017 05:56 PM
Sep 8, 2017 12:37 AM
636402919157998512.jpg

It can be hard to get all of your friends, family, coworkers, and acquaintances to jump on board with the more-secure email system ProtonMail, but that doesn't mean you can't still send them encrypted emails. Best of all, they won't even have to install any other apps or extensions to read or reply to the messages.

By default, emails sent from one ProtonMail user to another use asymmetric cryptography to provide end-to-end encryption. The sender uses the recipient's public key to encrypt the message, then the recipient decrypts the message with his/her private key. All of this is done automatically with no work from the users.

When sending emails to somebody that's not using ProtonMail, messages are encrypted with TLS, but only if the other email service supports it. Most do support it, so that's a good thing, but this also means that those services will be able to read the messages. Not good, and that's why ProtonMail offers a way to offer end-to-end encrypted messages for outside email addresses using symmetric cryptography.

In ProtonMail's symmetric-key encryption, the sender would turn the message into ciphertext using a custom key (password) which is either shared or already known by the recipient. After the encrypted message is sent, the recipient then receives a link to open the message. When they open it, they would input the key (password) to decipher the message locally on their computer.

Before diving right in, note that all messages sent with end-to-end encryption to non-ProtonMail users will expire after 28 days whether they were read or not.

Sending Secure Emails to Non-ProtonMail Users

To start, open a new draft in your ProtonMail app for Android or iPhone, then fill it out like normal. When your message is composed, simply tap the "Encrypt for Outside" button (the lock icon) underneath the subject line, then set a password and confirm it.

It's likely that your recipient will have no idea what the password will be unless you call or message it to them in another manner, which may be too much work. So you're better off adding a "hint" here so they can figure out the password without any more work on your part. Make the hint a question only they would know the answer to and have that answer be the password.

636402296016589809.jpg
636402296338152298.jpg
636402297237058717.jpg
636402296016589809.jpg
636402296338152298.jpg
636402297237058717.jpg

Once you're satisfied with your password and hint, tap the "Apply" button. You should now see a green check mark next to the lock icon, which lets you know it's safe to send now. Now all that's left is to hit the send icon (the paper plane). As soon as you hit send, the countdown begins for its 28-day lifespan.

Reading Secure Emails from ProtonMail Users

To get an idea of how easy this is for your recipient, I'll show you how it works for them right now using a Gmail address as an example.

As you can see below, the message itself is not contained within the initial email. Instead, it shows that a secure message was sent to them with a link to open it and the date of expiration. Also included, as you can see, is the password hint. It's easy to miss since it's in a small font, but it's there should they need it.

When they tap on the "View Secure Message" link, it will open up in their mobile browser, where they'll need to input the password and tap "Decrypt" to see the message. If they want to reply in a secure manner, they would tap the "Reply Securely" button in the browser to compose and send their reply. This will maintain end-to-end encryption. If they reply to the email in Gmail, it would only be encrypted with TLS.

636402303478777355.jpg
636402304094246159.jpg
636402908389714386.jpg
636402303478777355.jpg
636402304094246159.jpg
636402908389714386.jpg

All emails in your ProtonMail inbox, whether sent from other ProtonMail users or non-ProtonMail users using the "Encrypt for Outside" or not, are stored encrypted on your devices. ProtonMail can never view any of your emails, but the sender's email service may retain copies of any messages they send to you if they weren't encrypted using ProtonMail's outside option.

Cover photo and screenshots by Justin Meyers/Gadget Hacks

Comments

No Comments Exist

Be the first, drop a comment!