Proton
protonmail-openpgpjs-protonmail-security-audit

At Proton Mail, our goal is to make encryption as widespread and accessible as possible. We believe a key step toward that is having well-maintained, robust, and secure open source encryption libraries. This is the goal of our efforts on the OpenPGPjs encryption library, which is today used by hundreds of applications (including Proton Mail) serving millions around the world. As the maintainer of OpenPGPjs, we are responsible for making sure the library is up to date and secure, as well as offering basic support to developers who wish to use it.

In March 2018, we released Version 3.0 of OpenPGPjs. With this major update, OpenPGPjs is even more powerful, secure, and efficient. As part of this update, the OpenPGPjs developer community commissioned an independent security audit from the well-respected security firm Cure53(новое окно). Independent security audits are an important way to ensure there are no vulnerabilities that could be exploited by attackers.

Summer 2018 Security Audit Coverage

The version 3.0 release brought many new features and improvements, such as support for elliptic curve cryptography(новое окно) (ECC), which uses smaller signing and encryption keys compared with RSA cryptography(новое окно) (what Proton Mail uses now), making it a faster and more efficient alternative.

The new version also adds compression, which reduces the size of data before encryption to save space (and time) during encryption and transmission. OpenPGPjs now also offers support for AEAD(новое окно) (Authenticated Encryption with Associated Data). This protocol provides confidentiality, integrity, and authenticity guarantees on encrypted data, so that when you decrypt data, you can be sure this was the exact same data encrypted by your sender, and you can be sure that it was indeed encrypted by that sender. For those who are interested, you can find the full technical details of OpenPGPjs Version 3.0 here(новое окно).

The Cure53 team focused on a couple of these new features while also taking a closer look at some key aspects of OpenPGPjs’ crypto implementations. In particular, the audit focused on the following:

  • AEAD encrypted packets
  • EAX, GCM, OCB
  • CMAC
  • All cryptographic primitive implementations: AES, AES-EAX, AES-GCM, AES-CBC, ED25519, C25519, ECDSA, HMAC, P256, P384, P521, SECP256K1
  • Prime number handling
  • Date support in signatures
  • Cryptographic API exposure via different providers

OpenPGPjs Audit Results

We are pleased to receive a highly positive result from the audit. No major issues were discovered. In their summary, Cure53 provided the following feedback(новое окно):

“Tested cryptographic implementations were top notch and excellent quality given the platform. The only limitations come from the platform itself (JavaScript/web), which do not allow for side channel resistance or reliable constant time operations. Overall however this is an exceptional library for JavaScript cryptography.”

As OpenPGPjs forms the foundation of Proton Mail’s encryption, this result provides extra certainty that Proton Mail’s cryptography is properly protecting users as intended. Working with the open source community is an important part of what we do at Proton Mail, and we will continue to build out the OpenPGPjs library. We are grateful to the Proton community for supporting us in these efforts.

Sign up and get a free secure email account from Proton Mail.

We also provide a free VPN service(новое окно) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

Статьи по теме

A computer monitor, a box of case files, and a lock representing law firms that protect their information security
en
A simple guide to law firm cybersecurity. See how to protect business and client data, prevent breaches, and stay compliant with encryption.
The cover image for a Proton Pass blog about brushing scams, which shows a package with a warning sign above it
en
  • Советы о конфиденциальности
A brushing scam means your personal data has leaked online. Learn how to protect yourself with hide-my-email aliases and dark web monitoring.
An encryption lock breaking
en
  • Новости о конфиденциальности
Apple turned off its end-to-end encryption in the UK in response to a government notice. We look at what this means and how people in the UK can protect their data.
Image showing Google, Apple, and Meta as apps that allow surveillance
en
  • Новости о конфиденциальности
Big Tech companies - Apple, Google, and Meta - have built a mass surveillance machine that the government can easily tap into.
Proton symbol for protecting user privacy after Apple disabled ADP in the UK
en
  • Советы о конфиденциальности
Apple dropped ADP for UK users, leaving data unprotected by end-to-end encryption. See why E2EE matters and how to keep your data safe.
The cover image for a Proton Pass blog about how to find your saved passwords on Android, which shows a phone screen, an Android icon, and three password fields
en
  • Советы о конфиденциальности
If you're using an Android device, here's how you can find the saved passwords on your phone and how Proton Pass can help you organize them more securely.