Over the past year, we’ve had a number of people ask us about our approach to Open Source software. The reality is that the most critical parts of ProtonMail have actually been open source from day one. This is not something that we have made a special effort to point out, and as a result it is not widely known.
ProtonMail’s front end encryption is completely open source and uses the OpenPGPjs library. All of the source code can be downloaded and viewed here:
In addition to using the OpenPGPjs library, our developers have also audited the library and we regularly contribute our fixes and improvements. In the past few months, we have also made extensive overhauls to the library in order to resolve a couple of major performance bottlenecks and when these changes are completed, we will be making a major OpenPGPjs release which we will detail in a future blog post.
ProtonMail’s approach to open source revolves around two core philosophies.
1. Standards Compliant
We believe in compatibility and interoperability. Thus, ProtonMail’s encryption complies fully with the OpenPGP standard. This brings a number of benefits. Because we are using an open standard, you as the user can know exactly how we are applying end-to-end encryption to secure your emails. In the future, we will be adding to ProtonMail the ability to import and export PGP keys. By complying with OpenPGP, it will be possible to do things like, download ProtonMail messages and decrypt them locally using your own PGP software.
2. Peer Review
We are committed to keeping ProtonMail’s cryptography open source for the long run. As time goes by, we will be continuing to open source more and more software packages as they mature. Recently, we completed the first native OpenPGP libraries for both iOS and Android which will be launched in our upcoming encrypted email mobile apps. These native libraries will allow for unparalleled performance and the best possible user experience for secure email on mobile. We look forward to continuing to support open source on mobile and beyond.