Verifying the Proton Mail Bridge package for Linux

2 mins
Installation on Linux

We provide a signature to verify that the Bridge software you download originates from us. For Windows and Mac, this check is performed automatically during installation. Linux packages, however, require an additional security check from the user.

Proton Mail Bridge supports both .deb and .rpm versions. If you use the .deb version, the instructions are below. If you use the .rpm version, scroll down to find your instructions. PKGBuild installations are automatically verified.

At the time of writing, the current Proton Mail Bridge version is 3.8.2. This will change in the future, so make sure to write the correct version in the commands. If you did not do that, the Bridge should update to the newest version soon.

How to verify the DEB package

The Proton Mail Bridge DEB package is signed using the program debsigs. 

First, make sure debsig-verify and debian-keyring are installed.

sudo apt-get install debsig-verify debian-keyring

Download the public key


Import the public key to your system

gpg --dearmor --output debsig.gpg bridge_pubkey.gpg

sudo mkdir -p /usr/share/debsig/keyrings/E2C75D68E6234B07

sudo mv debsig.gpg /usr/share/debsig/keyrings/E2C75D68E6234B07

We have to use sudo here since this location is under root’s ownership.

Download and install the policy file


sudo mkdir -p /etc/debsig/policies/E2C75D68E6234B07

sudo cp bridge.pol /etc/debsig/policies/E2C75D68E6234B07

Make sure you are in the folder where the DEB file is located, then verify the DEB file by running the below command:

debsig-verify protonmail-bridge_3.8.2-1_amd64.deb

In case you have not downloaded Bridge yet, you can run the below command:


If the check passes, you should see this: 

debsig: Verified package from 'Proton Technologies AG (ProtonMail Bridge developers)'

Install the package using your package manager:

sudo apt install ./protonmail-bridge_3.8.2-1_amd64.deb

How to verify RPM package

The Proton Mail Bridge RPM package is signed using the rpm –sign.

The public key bridge_pubkey.gpg can found here.

You can use the below command to download it: 


To import the Bridge app’s public key to your keyring, use the following instructions:

sudo rpm --import bridge_pubkey.gpg

To check the .rpm file run:

rpm --checksig protonmail-bridge-3.8.2-1.x86_64.rpm

If you have not downloaded the Bridge, you can do so with the below command:


The successful result should look like this:

protonmail-bridge-3.8.2-1.x86_64.rpm: digests signatures OK

Then, to install the Bridge, run the below command:

sudo dnf install ./protonmail-bridge-3.8.2-1.x86_64.rpm

If you still face issues verifying the file, you might have an older key which you should remove to ensure the verification passes.

package protonmail-bridge-3.8.2-1.x86_64 does not verify: Header V4 RSA/SHA256 Signature, key ID e6234b07: NOTTRUSTED

To list the available keys, run the following command:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

You should see something similar to this:

gpg-pubkey-18b8e74c-62f2920f Fedora (39) <> public key
gpg-pubkey-xxxxxxxx-xxxxxxx Proton Technologies AG (ProtonMail Bridge developers) <> public key

To remove the key, run the below command:

sudo rpm -e gpg-pubkey-xxxxxxxx-xxxxxxx

Confirm the key has been removed by running the list command again and you should now be able to install the RPM file.

How to verify the PKGBUILD

It is not necessary to verify the PKGBuild, as the package is verified automatically during the build.

Didn’t find what you were looking for?