
It's possible to solve both the friction to start and stop using PGP by looking up keys automatically on the target domain, for example using WKD [1]. We (Proton) host a key for every user, which can be used to automatically end-to-end encrypt emails to all Proton Mail users, without any setup needed, nor risk of DoS (since the user can always remove their key from WKD). Various other providers also offer this [2].

[1]: https://datatracker.ietf.org/doc/html/draft-koch-openpgp-web...

[2]: https://wiki.gnupg.org/WKD#Mail_Service_Providers_offering_W...



Proton user here: I’ve an anecdote because it happened this week and support was unable to help me.

I’ve received a PGP-encrypted email from a non-Proton user. It worked fine. But I was unable to encrypt my reply to him.

Proton support told me that he needs to attach his public key to his message so I can use it.

It seems that the Proton interface doesn’t offer any way to automatically try to find the public key of a user (from whom you have an email address and probably a signature).


We do look up keys automatically using WKD. However, if the non-Proton user's provider doesn't support that, they'll indeed have to attach it or you'd have to import it manually.

We have plans to also look up keys on keys.openpgp.org as well, to offer an automatic solution in case the provider doesn't support WKD.


Thanks for the clarification. I now understand better: I was confusing WKD and keys.openpgp.org as same thing.

As I received the email without the key attached and his domain doesn’t support WKD, I was stuck manually importing from the keys directory. It makes sense.


Interesting!

Can you give a quick explanation for someone too dumb to understand your first citation?

I have used PGP for years but struggle to understand how Proton can say email is encrypted when I never have to decrypt it myself.

If Proton has the key, how is that different from Google just encrypting everything until right before it displays?

I used Proton for a couple of years but moved back to Gmail because I figured all the encryption talk was just promotional and using PGP yourself is the only way.


Proton does not have the private key material. When you sign up to Proton Mail, the client generates a key pair for you, encrypts the private key with your password, and sends it to the server, along with the public key (which we publish).

Then, when you log in, the client fetches the encrypted private key, decrypts it with your password, and decrypts your emails with the private key. All of this is done automatically but it's still end-to-end encrypted.

The first citation (WKD draft specification) simply describes how to publish (and look up) public keys for a given email address on its domain. So for twiss@proton.me (hypothetical example), the key is published at https://openpgpkey.proton.me/.well-known/openpgpkey/proton.m....
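To make the "publish and look up at a well-known URL" step concrete, here is an added example (not Proton's code, and not part of the thread) that derives the WKD lookup URLs for an address the way the draft specifies: lowercase the local part, SHA-1 it, z-base-32 encode the digest, and place it under `/.well-known/openpgpkey/` using either the direct method or the advanced method with the `openpgpkey.` subdomain. The test address `Joe.Doe@Example.ORG` is the draft's own worked vector; the second address is a constructed placeholder. Fetching and importing the key is left to the caller.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD (RFC draft-koch-openpgp-webkey-service)
ZB32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base-32, 5 bits per symbol, MSB first, zero-padded."""
    nbits = len(data) * 8
    pad = (-nbits) % 5              # bits needed to reach a multiple of 5
    value = int.from_bytes(data, "big") << pad
    nbits += pad
    return "".join(
        ZB32_ALPHABET[(value >> shift) & 31]
        for shift in range(nbits - 5, -1, -5)
    )


def wkd_hash(local_part: str) -> str:
    """WKD mailbox hash: z-base-32(SHA-1(lowercased local part))."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)   # 20-byte digest -> exactly 32 symbols


def wkd_urls(address: str) -> dict:
    """Return the direct- and advanced-method lookup URLs for an address.

    The hash covers the lowercased local part, the domain is lowercased,
    and the ?l= parameter carries the local part as originally given.
    """
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    h = wkd_hash(local)
    q = "?l=" + quote(local, safe="")
    return {
        "hash": h,
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}{q}",
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{h}{q}",
    }


if __name__ == "__main__":
    # Draft's worked example plus a constructed placeholder address.
    for addr in ("Joe.Doe@Example.ORG", "alice@mail.example.net"):
        print(addr, wkd_urls(addr))
```

A client that resolves keys this way should try the advanced method first (it is what the draft prefers, and the `openpgpkey` subdomain lets providers host keys separately from the main site), then fall back to the direct method, and only trust the result after the HTTPS fetch succeeded for the address's own domain.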


This would be so useful to verify Maven PGP keys. Is there any sort of integration with that? If not, I am thinking of writing that.


I'm not aware of anything, but I'm also personally not that familiar with Maven, apologies.



