Proton

Proton Mail Open Source Cryptography

Over the past year, we’ve had a number of people ask us about our approach to Open Source software. The reality is that the most critical parts of Proton Mail have actually been open source from day one. This is not something that we have made a special effort to point out, and as a result it is not widely known.

All of the source code can be downloaded and viewed here:

https://github.com/openpgpjs/openpgpjs(new window)

In addition to using the OpenPGPjs library, our developers have also audited the library and we regularly contribute our fixes and improvements. In the past few months, we have also made extensive overhauls to the library in order to resolve a couple of major performance bottlenecks and when these changes are completed, we will be making a major OpenPGPjs release which we will detail in a future blog post.

ProtonMail’s approach to open source revolves around two core philosophies.

1. Standards Compliant

We believe in compatibility and interoperability. Thus, Proton Mail’s encryption complies fully with the OpenPGP standard. This brings a number of benefits. Because we are using an open standard, you as the user can know exactly how we are applying end-to-end encryption to secure your emails. In the future, we will be adding to Proton Mail the ability to import and export PGP keys. By complying with OpenPGP, it will be possible to do things like, download Proton Mail messages and decrypt them locally using your own PGP software.

2. Peer Review

As former scientists from CERN, MIT, and elsewhere, we are firm believers in the peer review process. Open source without peer review is just not sufficient. Because of this, we are committed to helping foster and maintain a strong community around OpenPGPjs. Today, OpenPGPjs has become the most well known Javascript PGP library with by far the largest user community. This translates to many developers from around the world reviewing and auditing the code with us to ensure that it is free of security flaws. Simply put, no other JS PGP library has undergone the same level of peer review.

The Future

We are committed to keeping Proton Mail’s cryptography open source for the long run. As time goes by, we will be continuing to open source more and more software packages as they mature. Recently, we completed the first native OpenPGP libraries for both iOS and Android which will be launched in our upcoming encrypted email mobile apps. These native libraries will allow for unparalleled performance and the best possible user experience for secure email on mobile. We look forward to continuing to support open source on mobile and beyond.

Sign up and get a free encrypted email account from Proton Mail.

Related articles

A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
en
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
en
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.
Infostealers: What they are, how they work, and how to protect yourself
en
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
en
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.
A cover image for a blog announcing that Pass Plus will now include premium SimpleLogin features
en
We're changing the price of new Pass Plus subscriptions, which now includes access to SimpleLogin premium features.
Infinity symbol in purple with the words "Call for submissions" and "Proton Lifetime Fundraiser 7th Edition"
en
It’s time to choose the organizations we should support for the 2024 edition of our annual charity fundraiser.