Email aliases, PGP and E2EE

Is there a way to receive PGP-encrypted E2EE emails at an email alias?

For example, I have a Proton Mail address and want to receive an email at my alias while using my PM public key (right now SimpleLogin strips it because it shows the main address). Is there any alias provider that modifies the public key's UID to the alias, like explained here: Reddit - Please wait for verification?

Right now you can attach your public key to SimpleLogin, but it will receive the unencrypted email from the sender and then encrypt it; I want E2EE (the easiest way is to send from the main address directly, I know, but I want to use an alias for extra privacy).

I was actually about to post about this myself. In my case, I tested Addy.io + Proton, and the issues are the same as with any alias provider: the email arrives unencrypted at the alias provider and is only encrypted when it reaches your final email provider.

PGP support is important for providers like Mailbox.org and others (including Gmail), though I believe it’s less critical for providers like Tuta, which encrypt emails regardless of PGP keys.

For me, what would be ideal is having a PGP key for emails arriving at the alias itself—not just for the final mailbox. This seems like a limitation inherent to how alias services work technically.

Personally, I find myself questioning the value of an “encrypted mailbox” if the email content has already been decrypted somewhere else—in this case, at the alias provider. At the end of the day, it’s the old truth: email simply wasn’t designed to be secure.

Exactly, GPG encryption only fully protects you if it's end to end, i.e. if it's sent encrypted from the source: PayPal, Facebook, Twitter, your water company, your ISP, your doctor, your lawyer, your grandma GPG-encrypt from their end before sending. But nobody does that. It's not how alias services work, it's how email itself works.


The sender just needs to encrypt the email with your public key.

Email alias services remove the public key from the email because it's linked to the main address the users are trying to hide.

Best case, you would verify public keys through a different system anyway.

That sounds like a misunderstanding.

A PGP/GPG key is bound to an email address. Part of its purpose is to prove an email is actually written by the owner of that address.

If you have a PGP/GPG key for myrealidentity@emailprovider.com then you should use it only for email communication for this address.

If you are using an alias like myalias@emailprovider.com then you have to create a PGP/GPG key for that alias and use it for all communication using that alias.

Using the myrealidentity@emailprovider.com PGP/GPG key for myalias@emailprovider.com would do two bad things:

  • It would reveal that myrealidentity is most likely behind myalias.
  • It would not ensure that myalias is actually myalias.

If someone sends me an email encrypted with my public key I can decrypt it with my private key. It doesn’t matter which email/alias they send it to.

If I have their public key I can send encrypted from any email/alias.

If sender authentication is required they should be signed.

This is a hypothetical scenario btw, no one actually does this in real life :joy:


That’s a nice thought. And it brings me to a more practical suggestion. You can use a PGP/GPG-encrypted e-mail attachment to transport encrypted information via an email address “that is not your own”. You would still connect two identity markers you presumably wish to keep separate, however.

One PGP key pair can have multiple identities including email addresses.

See OpenPGP Key Management (Using the GNU Privacy Guard): --quick-add-uid user-id new-user-id

No idea if Proton allows you to do that easily.

If you add it as a valid user ID it should. Again, no idea how well Proton supports that. Anyway, the question was about encrypting, not signing.

Correct, using the same key pair for two or more email addresses allows others to know they are owned by the same entity. Alternatively one could generate a unique key pair for every alias they want to receive encrypted messages on.
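As an added example (not code from anyone in this thread), this Python script walks the packets of an OpenPGP public key and lists the user IDs bound to it. It illustrates the two posts above: a key carrying several UIDs (--quick-add-uid) does decrypt mail for every listed address, but the UIDs sit in the clear in the public key, so whoever receives the key for the alias also sees the real address. The key bytes are constructed inline with placeholder key material so it runs offline; on a real key you would feed it the binary output of gpg --export.

```python
import re

USER_ID_TAG = 13  # OpenPGP packet tag for a User ID packet (RFC 4880 5.11)

def packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet, old- or new-format header."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"bad packet header at offset {i}")
        if ctb & 0x40:                      # new-format header (RFC 4880 4.2.2)
            tag, b1 = ctb & 0x3F, data[i + 1]
            if b1 < 192:
                n, i = b1, i + 2
            elif b1 < 224:
                n, i = ((b1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif b1 == 255:
                n, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not supported")
        else:                               # old-format header (RFC 4880 4.2.1)
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not supported")
            size = (1, 2, 4)[ltype]
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + n]
        i += n

def user_ids(key: bytes) -> list[str]:
    """All user IDs bound to the key, exactly as any recipient of it sees them."""
    return [body.decode("utf-8") for tag, body in packets(key) if tag == USER_ID_TAG]

def addresses(key: bytes) -> list[str]:
    """Email addresses from the user IDs ('Name <addr>' or a bare address)."""
    return [(re.search(r"<([^>]+)>", uid) or re.search(r"(\S+)", uid)).group(1)
            for uid in user_ids(key)]

# -- constructed sample key: placeholder packets, NOT real key material ------
def old_packet(tag: int, body: bytes) -> bytes:   # old format, 2-octet length
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body
def new_packet(tag: int, body: bytes) -> bytes:   # new format, 1-octet length
    return bytes([0xC0 | tag, len(body)]) + body
PUBKEY = old_packet(6, b"\x04" + b"\x00" * 199)   # placeholder public-key packet
SIG = new_packet(2, b"\x00" * 40)                 # placeholder self-signature
SHARED_KEY = (PUBKEY + new_packet(13, b"Real Name <myrealidentity@emailprovider.com>") + SIG
              + new_packet(13, b"myalias@emailprovider.com") + SIG)  # one key, two UIDs
ALIAS_ONLY_KEY = PUBKEY + new_packet(13, b"myalias@emailprovider.com") + SIG
```

addresses(SHARED_KEY) returns both addresses, which is exactly the linkage the posts above warn about; addresses(ALIAS_ONLY_KEY) returns only the alias.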

Any idea of an alias provider that has easy setup of PGP per alias? Or what’s the easiest way to do so if they don’t; would Mailvelope be a practical solution?

With Proton you get 15 account email addresses. Those each get their own PGP key pair automatically and support for WKD. You can set them up here: Proton

I haven’t looked for or needed a tool that does aliases and PGP.

You can use GPG or OpenKeychain to generate key pairs, then you need a way to give your recipients the public key and for your email client to be able to decrypt. Could be possible using Proton Bridge and Thunderbird. Seems like a lot of work and easy to go wrong.

Honestly use the 15 different account addresses or just separate accounts.

A while back I was listening to a well-known cryptography podcast that made the case for why PGP emails are a waste of time, and found myself wondering why they were advocating for users to move away from using it.

It’s quite possible but without friction. Say you’re on iOS, you have an @icloud.com, you create an alias, you generate a keypair for that alias, and want to send a PGP-encrypted email. You can’t use the standard Mail client for that because it only supports S/MIME. So you switch to something like Canary, you generate your keypairs there and add the public key of who you want to email.

Now let’s say that party you want to email is using something like Zoho Mail. This provider allows you to receive and send PGP-encrypted emails using Mailvelope, after you add your public key to the signing server. You import the public key for the alias address that was generated, with the options to sign and encrypt the emails you send.

Yes, it’s a bit of a hassle to set up, but in the end you have proven encrypted PGP communication, which I would say I tend to trust more than any messenger.