OpenPGP.js and GopenPGP are easier to test with other encryption suites

Share this page

As part of our mission to make security, privacy, and freedom accessible to all, we maintain two open source cryptography libraries that make it easier for developers to apply strong encryption in their projects. We have been the maintainers of OpenPGP.js(new window) since 2016 and GopenPGP(new window) since 2019, meaning we are responsible for ensuring these repositories are up-to-date, secure, and accessible.

It is also important that these encryption systems are interoperable — i.e., that they can interact with other cryptographic libraries. The more interoperable libraries are, the more widely they can be used.

That’s why today we’re pleased to announce that we integrated our cryptography libraries into the OpenPGP interoperability test suite(new window). This suite, maintained by the Sequoia PGP(new window) team, makes it easier and faster to run compatibility tests between different open source encryption libraries and share the results of those tests. Developers can use this suite to ensure their encrypted apps are compatible with encrypted services that use different implementations of OpenPGP.

Improved testing with other OpenPGP implementations

This portion is rather technical; however, the important thing to take away is that our encryption team added a specific interface that is shared between different types of OpenPGP software. Even if these other OpenPGP implementations are written in different programming languages, this shared command-line interface lets developers test them together.

To integrate our libraries into the test suite, we implemented the Stateless OpenPGP (“sop”) command line interface(new window) for OpenPGP.js(new window) (sop-openpgp-js(new window), expanding on the work by Sequoia) and GopenPGP(new window) (gosop(new window)). We released both implementations under open source licenses.

The standardized “sop” interface provides a common ground for testing the compatibility between OpenPGP implementations written in several languages, such as Rust, Python, and C++. The results of these tests(new window) show that there is good interoperability between OpenPGP.js, GopenPGP, and the other tested libraries, with widespread support for strong cipher suites, elliptic-curve cryptography, and authenticated ciphers. This analysis exposed a few minor interoperability bugs as well, which we have since fixed.

Why Proton loves open source

We are big advocates for open source. As physicists and scientists, we appreciate that open source forces you to “show your work.” That is why we made all user-facing Proton apps, both for Proton Mail(new window) and Proton VPN(new window), open source and have published all the results of third-party security audits. By taking these steps, any security researcher can verify our code.

We also believe in decentralization and open collaboration, which open source fosters. We have even worked with members of the Proton community on our Linux command line tool for Proton VPN(new window)

Adding our libraries to the interoperability test suite is a great initiative to drive the OpenPGP protocol forward. It is now even easier for other privacy-focused software and app developers to incorporate strong encryption into their projects. The more apps that are encrypted, the more private data will be protected.

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service(new window) to protect your privacy. Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support.


Feel free to share your feedback and questions with us via our official social media channels on Twitter(new window) and Reddit(new window).

Secure your emails, protect your privacy
Get Proton Mail free

Share this page

Proton Team

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

No email service is completely anonymous. Learn how to send an email as anonymously as possible using private email, aliases, and a VPN or Tor. Do you need to send an email without revealing who you are? Unfortunately, you can’t just sign up for a f
Today, we’re introducing Proton Family, our all-in-one plan to protect your family’s privacy.  When you’re a parent, you do everything you can to prepare for the unexpected and keep your family safe. But extending this protection online is difficult
Starting last year, Google began to increase the number of ads displayed in Gmail. It started with more ads in the Promotions tab on mobile. And now it has grown to include advertising messages between regular emails on Gmail’s desktop site. Gmail u
Fraudsters have many ways to steal your identity and money, but there are simple steps you can take to protect yourself. Given how much valuable personal data we store online, scammers have a strong incentive to try to steal it. With just a few pers
Almost everything on the internet is encrypted these days. And yet data breaches still frequently spill sensitive files into the hands of hackers, and identity theft is a multi-billion-dollar industry. Why? This article explains what’s broken about
The biggest tech companies in the world are quietly lobbying the governments of 14 countries to grant them legal protection from any regulatory oversight. Few people are aware of Big Tech’s plans, shrouded in the secrecy of trade negotiations for th