---
Title: The ProtonDrive Security Model - ProtonMail Blog
Author: protonmail.com
Tags: readwise, articles
date: 2024-01-30
---
# The ProtonDrive Security Model - ProtonMail Blog

![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article3.5c705a01b476.png)

URL:: https://protonmail.com/blog/protondrive-security/
Author:: protonmail.com

## Highlights

> The PGP encryption method allows using multiple asymmetric keys or passwords to encrypt a payload. PGP begins the encryption process by generating a new symmetric session key, which is a random passphrase of sufficient length. The session key is used to encrypt the payload, producing the data packet.

> The next step is to encrypt the session key, in turn, with each asymmetric key and each password provided by the user, resulting in multiple key packets. Each asymmetric key or password can decrypt its corresponding key packet and use the session key within to then decrypt the data packet. (See figure 5)

> Allowing a new key (i.e., a new user) to decrypt the payload is a simple operation that doesn’t alter the data packet — only the session key needs to be encrypted again with the new key, producing a new key packet.

> File and folder contents (the payload) are secured using a single session key with symmetric encryption. Users gain access to the payload by encrypting and decrypting the session key using asymmetric encryption.
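
The data-packet and key-packet structure described in the highlights above, as an added sketch using Node's built-in `crypto` module; it is not code from the Proton article and does not produce real OpenPGP packets. AES-256-GCM, RSA-OAEP, the packet layout and all function and field names are assumptions chosen for illustration, and only the asymmetric-key case is shown (password key packets are left out).

```javascript
const nodeCrypto = require('crypto');

// Assumption: RSA-OAEP stands in for the asymmetric step that yields a key packet.
const oaep = (key) => ({ key, oaepHash: 'sha256', padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING });
const wrapKey = (sessionKey, publicKey) => nodeCrypto.publicEncrypt(oaep(publicKey), sessionKey);
const unwrapKey = (keyPacket, privateKey) => nodeCrypto.privateDecrypt(oaep(privateKey), keyPacket);

// Encrypt the payload once under a fresh session key, then wrap that key per recipient.
function encrypt(payload, recipients) {
  const sessionKey = nodeCrypto.randomBytes(32);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', sessionKey, nonce);
  const body = Buffer.concat([cipher.update(payload), cipher.final()]);
  const keyPackets = {};
  for (const [name, publicKey] of Object.entries(recipients)) {
    keyPackets[name] = wrapKey(sessionKey, publicKey);
  }
  // Data packet layout (hypothetical): 12-byte nonce | 16-byte GCM tag | ciphertext.
  return { dataPacket: Buffer.concat([nonce, cipher.getAuthTag(), body]), keyPackets };
}

// Unwrap this recipient's key packet, then open the shared data packet.
function decrypt(message, name, privateKey) {
  const sessionKey = unwrapKey(message.keyPackets[name], privateKey);
  const packet = message.dataPacket;
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', sessionKey, packet.subarray(0, 12));
  decipher.setAuthTag(packet.subarray(12, 28));
  return Buffer.concat([decipher.update(packet.subarray(28)), decipher.final()]);
}

// An existing recipient re-wraps the session key for a new public key.
// Only a key packet is added; the data packet is neither read nor rewritten.
function share(message, fromName, fromPrivateKey, toName, toPublicKey) {
  const sessionKey = unwrapKey(message.keyPackets[fromName], fromPrivateKey);
  message.keyPackets[toName] = wrapKey(sessionKey, toPublicKey);
}

// Constructed demo: Alice encrypts for herself, then grants Bob access.
function demo() {
  const newKey = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const alice = newKey();
  const bob = newKey();
  const message = encrypt(Buffer.from('constructed sample payload'), { alice: alice.publicKey });
  const before = Buffer.from(message.dataPacket);
  share(message, 'alice', alice.privateKey, 'bob', bob.publicKey);
  const bobReads = decrypt(message, 'bob', bob.privateKey).toString();
  return { dataPacketUnchanged: before.equals(message.dataPacket), bobReads };
}
console.log(demo());
```

Because every key packet wraps the same session key, dropping a recipient's key packet does not stop someone who already unwrapped that key from reading this data packet.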