Proton

How to check encryption status using lock icons

Lecture
7 minutes
Catégories
Compose and send emails
Receive and read emails

All messages in Proton Mail are labeled with a lock icon that tells you their encryption status. In this article, we explain what they mean.

A lock icon is shown next to every email in your inbox and custom folders(nouvelle fenêtre)

The encryption status of sent and received emails shows you how the message was encrypted when it was sent and can’t be changed.

Lock icons are also shown in the Composer window and may change depending on how the email is sent. For example, if you set a password for your message using our Encrypt for non-Proton Mail recipients(nouvelle fenêtre) feature, the lock will change from Black (or Green (open) if a PGP signature is attached) to Blue.

What the lock icons mean

The main indicator of a message’s encryption status is the color of the lock icon. Additional information is provided by a small symbol inside the lock. Please note that encryption only applies to message contents and attachments. Message headers and metadata are not encrypted so that Proton Mail can be interoperable with PGP.

Black lock

A black lock means that a message is stored with zero-access encryption(nouvelle fenêtre). This means nobody other than you can read this email in your mailbox. Not even Proton Mail can decrypt this message. However, a copy of this email may be stored insecurely on the sender or recipient’s email server.

Plain black lock(nouvelle fenêtre)Plain — Message stored on Proton Mail’s servers using zero-access encryption

Blue lock

You will see a blue lock on emails sent between Proton Mail email addresses. These messages are stored with zero-access encryption, but they also feature automatic end-to-end encryption(nouvelle fenêtre) (E2EE) for an extra layer of security. 

This means the messages have been encrypted by the sender on their device and can only be decrypted by the intended recipient on their device. No one else, including Proton Mail, can access E2EE messages.

Plain blue lock(nouvelle fenêtre)Plain — End-to-end encrypted message 
Blue lock with checkmark(nouvelle fenêtre)Checkmark — End-to-end encrypted message with verified recipient/sender. This lock is used for the contacts for whom you enabled the optional Address Verification feature. Address verification and end-to-end encryption allow for a much higher level of security than just E2EE alone.
Blue lock with warning(nouvelle fenêtre)Warning — This lock can appear if you enabled the optional Address Verification feature. It means the message could not be verified using the sender’s trusted key. If you see this warning, you may wish to contact the sender to confirm the authenticity of the message.
It can also mean that the contact’s key or signature is insecure. In this case, please ask them to update their key or software. To find out more specific information about the problem, hover your mouse pointer over the lock icon to see a tooltip.  

Here are some examples of things that could cause a warning to be shown:

  • The use of an insecure key (for example, an RSA-1024 key or a key authenticated using SHA1)
  • The sender changed their key and signed the email with a new key that you haven’t trusted yet
  • You reset your password, and the contact signature (containing the trusted key) couldn’t be verified

Green lock (closed)

Proton Mail is interoperable with PGP, allowing you to send and receive E2EE emails with people who don’t use Proton Mail. Messages to people who have correctly set up PGP will be end-to-end encrypted and show a closed green lock. This includes people using WKD keys(nouvelle fenêtre)

Learn how to use PGP with Proton Mail(nouvelle fenêtre)

Plain green lock closed(nouvelle fenêtre)Plain – PGP end-to-end encrypted message
Closed green lock with pencil(nouvelle fenêtre)Pencil — PGP end-to-end encrypted and signed message. A PGP signature guarantees that the sender is genuine and that the message hasn’t been tampered with.
Closed green lock with che(nouvelle fenêtre)Checkmark — PGP end-to-end encrypted message with verified recipient/sender. This is the most secure way to email someone who doesn’t use Proton Mail.
Open green lock with warning(nouvelle fenêtre)

Warning — PGP end-to-end encrypted message, but the sender’s email or key couldn’t be verified. If you see this warning, you may wish to contact the sender to confirm the authenticity of the message.


It can also mean that the contact’s key or signature is insecure. In this case, please ask them to update their key or software. To find out more specific information about the problem, hover your mouse pointer over the lock icon to see a tooltip.

Green lock (open)

An open green lock shows that a message is not end-to-end encrypted using PGP, but has been digitally signed with a PGP signature. These emails, like all emails, are stored on our servers using zero-access encryption.

Green open lock signedPencil — PGP-signed message. A PGP signature guarantees that the sender is genuine and that the message hasn’t been tampered with. 
Green lock with checkmark(nouvelle fenêtre)Checkmark — PGP-signed message from a verified sender
Open green lock with warnng(nouvelle fenêtre)Warning — PGP-signed message, but the message could not be verified using the sender’s trusted key. If you see this warning, you may wish to contact the sender to confirm the authenticity of the message.
It can also mean that the contact’s key or signature is insecure. In this case, please ask them to update their key or software. To find out more specific information about the problem, hover your mouse pointer over the lock icon to see a tooltip.  

Vous ne trouvez pas ce que vous cherchez ?

Contact - Général[email protected]
Contact - Média[email protected]
Contact - Juridique[email protected]
Contact - Partenariats[email protected]