Pretty Good Privacy, or PGP for short, lets you lock your email messages so that only the intended recipient with the key can view them. ProtonMail is one of the few email services that supports this feature without any extra software.

How Does PGP Work?

PGP works using public and private keys. To send an encrypted message to someone, you'll need to know their public key. Signing your outgoing message with their public key allows them to then decrypt it with their private key. End-to-end encryption makes it nearly impossible for anyone to intercept your message. As the name suggests, you should never reveal your private key to anyone.

Using PGP in most email clients requires the use of additional software (like FlowCrypt or Mailvelope) to handle the decryption and encryption process. But ProtonMail already supports OpenPGP natively, which means that you can set it up for use with specific email addresses and then forget about it.

You can use PGP with a free ProtonMail account or a paid one---either way.

If you're already sending an email to another ProtonMail user, then you don't need to worry about this, since messages sent between ProtonMail addresses are already end-to-end encrypted anyway. This is only necessary if you want to exchange encrypted messages with people who aren't using ProtonMail.

Related: What Is ProtonMail, and Why Is It More Private Than Gmail?

Step 1: Share Your Public Key

To set up secure email communication via PGP, you'll need to exchange keys with whoever you're communicating with first.

If you haven't already done so, sign up for a ProtonMail account and sign in. Click on the "Compose" button in the top-left corner of the screen to begin writing a new email. Enter the address of the recipient for whom you want to establish encrypted communication.

Next, click on the "More" drop-down icon and make sure that "Attach Public Key" is checked. You can now add a message to your email body, notifying the recipient that your public key is attached. You can automatically attach your public key to all outgoing mail under Settings > Security by enabling "Automatically attach public key" under PGP Settings.

Step 2: Trust Your Contact's Public Key

Next, you want the person you're communicating with to share their public key. How they do this ultimately depends on how they're using PGP, but it will take the form of a small file attachment. When you receive this email, ProtonMail will notify you that a public key is attached and ask you to trust it.

Click "Trust Key," and make sure that "Use for Encryption" is checked in the pop-up that appears. This will register the public key alongside the email address that sent it.

If the recipient sends you the public key via another means, you can click on "Contacts" at the top of the page and create a new contact. Use the same email from which the key was received, and upload the file you've received. Again, make sure that you select "Use for Encryption" so that you can sign outgoing mail.

You can also manually upload a recipient's public key using ProtonMail's Contacts. See ProtonMail's documentation for more information.

Now Communicate Securely!

With keys exchanged and your address book updated with the right keys, you should now be able to communicate securely with your contact. You'll need to repeat this process for any other contacts you wish to use PGP with. This process is likely why PGP remains a relatively obscure (but effective) encryption tool.

ProtonMail will automatically encrypt and decrypt messages if you have set up PGP correctly. You can tell that a message has been encrypted via PGP if you see the green padlock icon in the "From" field (Mail from other ProtonMail users is signified by a purple padlock.).