Why can't mom write me an email?

Detective investigation into the Proton encrypted mail case.

Sudden silence

I am an active user of email, preferring long chains of letters to instant messengers when communicating with many friends and contacts. It is convenient that the mail is not tied to one device or platform, and since I have my own domain, I can transfer it from service to service at any time, and the sender does not have to find out my new address. However, in the last two months, I suddenly stopped receiving some letters from friends and even from my mother.

Instead, I started receiving PGP encrypted emails with an empty body that looked like this:

Upon examining the message, it became obvious that this was an encrypted letter, which Fastmail does not support. This service has a whole post explaining this position (https://www.fastmail.com/blog/why-we-dont-offer-pgp/), but until recently this didn’t bother me too much, because no one sends me encrypted emails.

Now I know that Proton sends encrypted emails to other Proton mailing addresses, but it was obvious that the email address was not hosted on Proton; this is easy enough to determine using DNS. When I tried to use my work email, things got even weirder because the same error occurred.

I checked the raw message, and indeed it turned out that the letters were encrypted by Proton. The work address is hosted on Google Workspace, so I was confused. Are Proton email users unable to send emails to Google Workspace addresses? How can this even be? My Proton-using friends and mom would notice that their emails always disappear into oblivion when communicating with most people.

I opened a ticket with Fastmail, hoping that the service had encountered this problem before, but without much success. I then opened a ticket with Proton, but at the time of writing I have not received a response.

How Proton Works (Supposedly)

Many people I know switched to Proton because it seemed to be able to deliver encrypted emails in the least annoying way possible. Its encryption uses PGP asymmetric key pairs and looks up other users' public keys located on their key server. It also uses Key Transparency technology, which compares client search requests with server-side requests, allowing for simple, highly secure encrypted messaging (at least that's what the service claims).

There appear to be three classes of keys in Proton.

So it makes sense that Proton can look up address keys for users in its system. But where do my keys come from? There's a small snippet on page 10 of the Proton Key Transparency article:

In the case of external addresses, the server can return mail encryption keys that it found in the Web Key Directory (WKD) [6] (since email is hosted elsewhere). The server can also return data encryption keys, for example, for Proton Drive. The first must have proof of absence in KT, and the second must have proof of presence. For non-Proton addresses, the server can also return the keys it finds in the WKD. Thanks to this, clients can automatically encrypt messages to it. These keys will not be in ProtonKT, so KT must return a proof of absence.

What else is WKD?

WKD, or OpenPGP Web Key Directory, is an IETF draft by Werner Koch. It describes a service through which OpenPGP keys can be looked up by email address. It also allows the key owner and email service provider to publish and revoke keys. This is a very clever system and an interesting way to get around the annoying features of PGP mail encryption. The document can be read here: https://www.ietf.org/archive/id/draft-koch-openpgp-webkey-service-16.txt. It outlines the registration process by which the user tells the WKD service that they have a key that they want to register. There's just one problem: I've never done it; at least I don't remember doing it. I definitely don't keep a page with any kind of key verification.

It looks like there is a way to set up a CNAME record pointing to keys.openpgp.org, where I do have a key installed, but my domain doesn't have that configured.

nslookup openpgpkey.matduggan.com
Server:		2a01:4f8:c2c:123f::1
Address:	2a01:4f8:c2c:123f::1#53

Non-authoritative answer:
*** Can't find openpgpkey.matduggan.com: No answer

Source: https://keys.openpgp.org/about/usage

I can’t understand why Proton thinks that I can use this key, BUT I confirm that it is with this key that it encrypts letters.

What?

It looks like if your address returns a key from keys.openpgp.org, then Proton will encrypt the message with your public key from there, even though (as far as I understand) I did not specify that this service should be used. I also can’t figure out how to tell it that it doesn’t need to do this.

What happens if I simply remove the key from keys.openpgp.org? This is quite easy to do, just go to the address https://keys.openpgp.org/manage and follow the instructions in the letter. This seems to work almost instantly.
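
To check which key sources answer for an address, for example before and after removing a key from keys.openpgp.org, the added example below (not code from this post or from Proton) builds the two WKD lookup URLs defined in the draft plus the keys.openpgp.org by-email URL and probes each one. The function names are my own, the `vks/v1/by-email` path comes from the keyserver's public API rather than from this page, and the default address is the sample one used in the WKD draft; whether Proton queries exactly these URLs is not confirmed here.

```python
import hashlib
import sys
import urllib.error
import urllib.request
from urllib.parse import quote

ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # z-base-32 alphabet used by WKD


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the ASCII-lowercased local part, z-base-32 encoded (32 chars)."""
    lowered = "".join(c.lower() if c.isascii() else c for c in local_part)
    n = int.from_bytes(hashlib.sha1(lowered.encode("utf-8")).digest(), "big")
    # 160 bits split into 32 groups of 5 bits, most significant group first.
    return "".join(ZBASE32[(n >> s) & 0x1F] for s in range(155, -1, -5))


def lookup_urls(address: str) -> dict:
    """URLs a sender's client may query for a key belonging to `address`."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    tail = f"hu/{wkd_hash(local)}?l={quote(local, safe='')}"
    return {
        "wkd_advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/{tail}",
        "wkd_direct": f"https://{domain}/.well-known/openpgpkey/{tail}",
        "keyserver": f"https://keys.openpgp.org/vks/v1/by-email/{quote(address, safe='')}",
    }


def serves_key(url: str, timeout: float = 10.0) -> bool:
    """True if the URL answers 200 with a non-empty body (a key is published)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200 and bool(resp.read(1))
    except (urllib.error.URLError, OSError):
        return False


if __name__ == "__main__":
    # Sample address from the WKD draft; pass your own as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "Joe.Doe@Example.ORG"
    for name, url in lookup_urls(target).items():
        print(f"{name:13} {'KEY FOUND' if serves_key(url) else 'no key':9} {url}")
```

If every line reports "no key", a sender that relies on these sources has nothing to encrypt to for that address.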

Proton, what the hell is this?

I'm a little confused. It would make perfect sense to send me encrypted emails if I did a CNAME setup indicating that's what I want, but that's not how the service seems to work. As far as I understand, the very process of loading an OpenPGP-compatible key forces the service to send end-to-end encrypted messages.

If Proton responds to me, I'll update the post, but in the meantime, if you stumbled upon this post because you've been receiving empty emails for months, then at least you'll know how to fix it.
