I raised a support issue for proton drive and in the log zip file attached to the ticket was a csv file containing PGP PRIVATE KEY. I asked them what it was for and they said encrypting and decrypting files on device. So why has it left my device and been attached to a support ticket that they or potentially anyone with access to their support system can get access to ….?
This is unacceptable. You should raise the issue in a bug report ASAP. Resetting your password generates a new encryption key. You will need to double check but the old files should still be accessible with the original password. You would then need to download and re-upload for truly private cloud storage.
I hope this was an error or utility they forgot to remove before the service went live.
If they are leaking private keys on a consumer friendly service then I can’t trust them much moving forward. Were you using the Proton Drive app which hasn’t been formally released for production use yet?
I’m using the proton drive app for Android. I have replied back to them asking why those keys have left my device. I also posted on the proton drive subreddit as employees seem to interact on there but it was immediately deleted. Possibly because I mentioned the key header so they automatically deleted as a precaution.
I thought I’d post here in case anyone else has noticed and it was actually a key for something else. Hopefully they will look into it and respond.
troll?
Big if true.. Can we get screenshots?
@antitoxic0754 This PGP private key that was contained in the log file, can you elaborate? For instance is the private key for Proton Mail, Drive or some other app? Does the key match any of your Proton Mail/Drive private keys? Are you sure it’s your private key and not their private key used for some development, troubleshooting or other purpose? How did you obtain the log file, did they email it to you or did you go into settings?
In order to make it possible to log in and access data from any device, private keys that are managed by Proton are not strictly stored only on device. They are encrypted with the user’s password and stored on Proton’s servers. Just thinking aloud, not sure if the log can be obtained by going into settings, if that is how you obtained the log file you may possibly obtain a log file that contains your private key(s) especially if it asks for your password before giving the log file to you.
I’m interested to hear how this story develops.
Resetting the password re-encrypts the private key rather than generating a new key. This is what is normally done in OpenPGP. Otherwise either there would be a growing list of private keys or users would lose the ability to decrypt messages that were encrypted to older keys.
Most of that makes sense but this is exactly what happens if you reset a Proton password. Say you use a recovery email to create a new password. Your old emails are still encrypted according to the old password. They are inaccessible without it.
“If you forget your Proton Mail password and reset it, you will lose access to the corresponding private keys, and these key sets will be switched to ‘inactive.’ You will not be able to decrypt messages that were encrypted with inactive keys, and new messages will not be encrypted using the inactive keys.”
I asked Proton’s Lumo and it confirms your version is how OpenPGP would normally work.
I’m… not sure what to make of this
@antitoxic0754 makes a potentially concerning claim about Proton’s OPSEC practices. I’m glad the PG town square exists to discuss issues like this
Though, with all due respect to OP, I haven’t been able to find any other documented instances of this occurring, nor any technical reports from OP illuminating this particular occurrence to my satisfaction
I would also hope there is some kind of responsible disclosure happening behind the scenes, as a PG post doesn’t really do much to fix the issue or protect other users
When creating support tickets, Proton emails back with the device and OS info in the reply message. This is probably automatically created by the app and when entering details or if writing for support and adding info like OS version, Proton version, device, etc
Proton is a decent company, but it is strange to see this stuff in email.
Their latest response says
“In regards with the private key, kindly note that the private key is encrypted. We do not have access to it in a decrypted form.
You can read more on how the key is stored here: https://proton.me/support/how-is-the-private-key-stored
Also, I would like to clarify that the private key in the logs was not from your Proton account, but from your network. Our app logs network traffic, and in some endpoints we receive keys, but never are those keys decrypted as well.”
I’ve just posted their latest response above this. I haven’t checked it against any of my private keys yet, but you see a private key not being kept private and it sets alarm bells ringing. I’d rather flag it than just blindly trust it’s fine without confirming what’s going on.
The log file was attached to the support ticket.
On Android you can obtain Proton Drive log file via → Settings → Show log → → pick a folder where to save the log. It will be a zip file with device_info.txt and log.csv files inside. The first one is some device and app info (e.g. APP VERSION: 2.32.0 in my case) and second one is the actual log.
The log.csv has quite a number of BEGIN PGP PRIVATE KEY sections. I dumped a few of them into a file, fixed the newlines (just replace `\n` with an actual newline) and fed the file into gpg (command: `gpg --show-keys keys.asc`). It shows keys that look like either:

```
sec# ed25519 2022-11-28 [SC]
<fingerprint1>
uid Drive key
ssb# cv25519 2022-11-28 [E]
```

or

```
sec# ed25519 2024-04-08 [SC]
<fingerprint2>
uid drive-key@proton.me <drive-key@proton.me>
ssb# cv25519 2024-04-08 [E]
```
None of the fingerprints match what I see in Proton Mail settings, sections “Email encryption keys” and “Account keys”. I haven’t checked all the keys available in the log file, but at first glance it doesn’t look like customer keys are leaking. More like some Proton Drive internal keys.
It’s worth reading the log file further. It looks like it exposes some info about files and folders stored in Drive. I see files and folders being mentioned, alongside the MIME type of the file (e.g. application/pdf). There are also sizes but those few I checked were slightly bigger in the log file than the actual file size (like 50-60 bytes bigger). The log has a lot of emails. And not only the Proton account emails. There are also emails (sender and receiver), subjects and lists of attached files (with actual file names and file sizes (again, 50-60 bytes off)) from mail I have forwarded to my Proton email address.
Probably there are more but the log is too big to analyze it by just reading. IMO, at least the PGP keys have to be dumped and verified via e.g. a Python script.
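The post above does the key check by hand: copy the blocks out of log.csv, fix the `\n` escapes, run `gpg --show-keys`, and eyeball the fingerprints against Proton Mail settings. The script below is an added example, not code from the poster or from Proton, that does the same check offline and repeatably: it pulls every armored private key block out of the CSV, undoes the literal `\n` escapes, computes each key's v4 fingerprint itself (SHA-1 over the public key material, the same value gpg prints), dedupes them, and reports which ones match the account's known fingerprints. The log's column layout, the sample rows and the keys inside them are constructed for the example; the thread does not state the real log's exact layout, only that the blocks are on single CSV lines with escaped newlines.

```python
import base64
import csv
import hashlib
import io
import re
import struct

# Armored private key blocks as they read once the log's literal "\n" escapes are undone.
ARMOR_RE = re.compile(
    r"-----BEGIN PGP PRIVATE KEY BLOCK-----.*?-----END PGP PRIVATE KEY BLOCK-----", re.S)

def extract_armored_keys(log_csv: str) -> list[str]:
    """Return every armored private key block found in any field of the CSV log."""
    keys = []
    for row in csv.reader(io.StringIO(log_csv)):
        for field in row:
            keys.extend(m.group(0) for m in ARMOR_RE.finditer(field.replace("\\n", "\n")))
    return keys

def dearmor(armored: str) -> bytes:
    """Drop BEGIN/END lines, armor headers and the optional "=XXXX" CRC line; decode the rest."""
    lines = [l.strip() for l in armored.strip().splitlines()[1:-1]]
    if "" in lines:                                   # armor headers end at the first blank line
        lines = lines[lines.index("") + 1:]
    return base64.b64decode("".join(l for l in lines if not l.startswith("=")))

def first_packet(data: bytes) -> tuple[int, bytes]:
    """Parse the first OpenPGP packet header (old or new format) and return (tag, body)."""
    b = data[0]
    if b & 0x40:                                      # new format: one- or two-octet length
        tag, l0 = b & 0x3F, data[1]
        length, off = (l0, 2) if l0 < 192 else (((l0 - 192) << 8) + data[2] + 192, 3)
    else:                                             # old format: 1/2/4-octet length (type 3 unsupported)
        tag, off = (b >> 2) & 0x0F, 1 + (1, 2, 4)[b & 3]
        length = int.from_bytes(data[1:off], "big")
    return tag, data[off:off + length]

def public_key_material(body: bytes) -> bytes:
    """Public part of a v4 key packet: version, creation time, algorithm and the public MPIs."""
    def mpi_end(off: int) -> int:                     # skip one MPI: 2-byte bit count, then the bytes
        return off + 2 + (struct.unpack(">H", body[off:off + 2])[0] + 7) // 8
    if body[0] != 4:
        raise ValueError("only v4 keys are handled")
    algo, off = body[5], 6
    if algo in (1, 2, 3):                             # RSA: n, e
        off = mpi_end(mpi_end(off))
    elif algo in (18, 19, 22):                        # ECDH, ECDSA, EdDSA: curve OID, then point
        off = mpi_end(off + 1 + body[off])
        if algo == 18:
            off += 1 + body[off]                      # ECDH KDF parameters
    else:
        raise ValueError(f"unsupported public key algorithm {algo}")
    return body[:off]

def fingerprint(armored: str) -> str:
    """v4 fingerprint: SHA-1 over 0x99, a two-byte length and the public key material (RFC 4880, 12.2)."""
    tag, body = first_packet(dearmor(armored))
    if tag not in (5, 6):
        raise ValueError(f"first packet has tag {tag}, not a key packet")
    pub = public_key_material(body)
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(pub)) + pub).hexdigest().upper()

def audit_log(log_csv: str, account_fingerprints: set[str]) -> dict:
    """Dedupe the keys in the log by fingerprint and flag any that belong to the account."""
    found = {}
    for armored in extract_armored_keys(log_csv):
        found.setdefault(fingerprint(armored), armored)
    known = {f.replace(" ", "").upper() for f in account_fingerprints}
    return {"found": sorted(found),
            "matches_account": sorted(f for f in found if f in known),
            "importable": "\n".join(found.values())}  # save as keys.asc for `gpg --show-keys`

def _constructed_key(seed: int) -> str:
    """Well-formed ed25519 secret key packet with made-up key bytes, armored with log-style escapes."""
    def mpi(b: bytes) -> bytes:
        return struct.pack(">H", int.from_bytes(b, "big").bit_length()) + b
    point = b"\x40" + bytes((seed * 7 + i) % 251 for i in range(32))   # not a real curve point
    secret = bytes((seed * 13 + i + 1) % 251 for i in range(32))       # not a real scalar
    oid = bytes.fromhex("2b06010401da470f01")                         # ed25519 curve OID
    body = (b"\x04" + struct.pack(">I", 1669593600) + b"\x16" + bytes([len(oid)]) + oid + mpi(point)
            + b"\x00" + mpi(secret) + struct.pack(">H", sum(secret) & 0xFFFF))
    packet = bytes([0xC5, len(body)]) + body                          # new-format header, tag 5
    return "\\n".join(["-----BEGIN PGP PRIVATE KEY BLOCK-----", "",
                       base64.b64encode(packet).decode(), "-----END PGP PRIVATE KEY BLOCK-----"])

def build_sample_log() -> str:
    """Constructed stand-in for log.csv (column layout assumed); three rows carry keys, two of them identical."""
    buf = io.StringIO()
    w = csv.writer(buf, lineterminator="\n")
    w.writerow(["time", "level", "tag", "message"])
    w.writerow(["2025-01-01T10:00:00Z", "D", "network", "GET /drive/shares/<share-id> -> 200"])
    w.writerow(["2025-01-01T10:00:01Z", "D", "network", 'body: {"Key":"%s"}' % _constructed_key(1)])
    w.writerow(["2025-01-01T10:00:02Z", "D", "upload", "report.pdf application/pdf 48201"])
    w.writerow(["2025-01-01T10:00:03Z", "D", "network", 'body: {"Key":"%s"}' % _constructed_key(2)])
    w.writerow(["2025-01-01T10:00:04Z", "D", "network", 'body: {"Key":"%s"}' % _constructed_key(1)])
    return buf.getvalue()
```

Run `audit_log(open("log.csv").read(), {...})` with the fingerprints copied from the “Email encryption keys” and “Account keys” sections; `matches_account` is the list that matters, while `found` is the full deduplicated set. Writing `importable` to keys.asc and running `gpg --show-keys keys.asc` should print the same fingerprints, which is a useful cross-check that the hand-rolled parser and gpg agree before drawing conclusions from either.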
Could you clarify if these files and folders are referenced by name? If I named one ‘friend_wedding_2018’ would it appear in the log?
Are full emails included? Sender, recipient, aliases, attachments?
Files and folders uploaded to Drive manually (or created there) have no names. They have the account email address attached.
Stuff that got into Drive from forwarded mail:
- sender email
- recipient email (e.g. another non-Proton mail of mine that is set to forward mail to Proton)
- actual subject
- actual file names
- file sizes
Will it be account keys that drive files are encrypted with?
Edit: ok, they are not.
I apologize, I missed the key word “reset.” I was thinking of the scenario where a Proton user changes their password but not reset it through a recovery system.