ProtonMail Open Source Cryptography

Over the past year, we’ve had a number of people ask us about our approach to Open Source software. The reality is that the most critical parts of ProtonMail have actually been open source from day one. This is not something that we have made a special effort to point out, and as a result it is not widely known.

ProtonMail’s front end encryption is completely open source and uses the OpenPGPjs library. All of the source code can be downloaded and viewed here:

In addition to using the OpenPGPjs library, our developers have also audited the library and we regularly contribute our fixes and improvements. In the past few months, we have also made extensive overhauls to the library in order to resolve a couple of major performance bottlenecks and when these changes are completed, we will be making a major OpenPGPjs release which we will detail in a future blog post.

ProtonMail’s approach to open source revolves around two core philosophies.

1.  Standards Compliant

We believe in compatibility and interoperability. Thus, ProtonMail’s encryption complies fully with the OpenPGP standard. This brings a number of benefits. Because we are using an open standard, you as the user can know exactly how we are applying end-to-end encryption to secure your emails. In the future, we will be adding to ProtonMail the ability to import and export PGP keys. By complying with OpenPGP, it will be possible to do things like, download ProtonMail messages and decrypt them locally using your own PGP software.

2.  Peer Review

As former scientists from CERN, MIT, and elsewhere, we are firm believers in the peer review process. Open source without peer review is just not sufficient. Because of this, we are committed to helping foster and maintain a strong community around OpenPGPjs. Today, OpenPGPjs has become the most well known Javascript PGP library with by far the largest user community. This translates to many developers from around the world reviewing and auditing the code with us to ensure that it is free of security flaws. Simply put, no other JS PGP library has undergone the same level of peer review.

The Future

We are committed to keeping ProtonMail’s cryptography open source for the long run. As time goes by, we will be continuing to open source more and more software packages as they mature. Recently, we completed the first native OpenPGP libraries for both iOS and Android which will be launched in our upcoming encrypted email mobile apps. These native libraries will allow for unparalleled performance and the best possible user experience for secure email on mobile. We look forward to continuing to support open source on mobile and beyond.

About the Author


We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. Ensuring online privacy and security are core values for the ProtonMail team, and we strive daily to protect your rights online.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

43 comments on “ProtonMail Open Source Cryptography

  • Thank you very much, you did a very great job.

    For improvement, it would be nice if for the contact list, you also add address, phone number, and other emails related to a contact…

    What can be another feature for the future is to do at the same time email, and cloud functionality.

    BR, Nicolas

  • To Proton Developers, I am aware of the high level of cryptography used in your mail and your servers, however is it possible to add a Proton mail account manually to the Mail application built in to Apple OS X Yosemite version 10.10.3, I don’t know how to find the IMAP mail server and POP mail server. Are these details accessible to the end user, even in the beta ?

  • Awesome stuff.

    I do have one suggestion/question – I do believe browser exploits have been found in the past regarding Protonmail, yes? Of course, they required a very specific set of things to happen and almost required the end user to be doing it, and have since been addressed, however…

    Do you think it would be a good idea to create your own client-side e-mail browser for accessing e-mail to help add more security? It’d be another layer at least.

    But I know that’s probably a lot of work, and Protonmail can’t be blamed for the end user having an infected machine if he has one.

    On a last note, what browser does the Protonmail team suggest most anyway? It’s to my understanding that Chrome is the most secure and I’ve been using it because regardless that some parts of it are not open-source it seems nobody has found any reason to be suspicious of it either. Firefox on the other hand is totally open-source I do believe, but has slightly lower security ratings. All in all I’ve learned that Privacy =/= Security.

    Also waiting for the mobile apps, will love it.


  • Oh! Additionally, what formatting does Protonmail support? Just any HTML?

    You should probably add an “insert link” and “insert image” buttons for those that don’t know HTML though.

    Thanks again.

    • The editor in the compose page has these features currently. We hope to improve on the email editor in the future.

  • This level of transparency time and again just further reinforces my trust in protonmail. Thanks and deep respect for all your work!

  • Do you guys have any release date for the android app?

    For me, an easy way to export the e-mails for offline archival and improved contact list would be the most needed features.

    Tanks for the awsome work !

    • Actually, we aren’t very dependent on the legal environment because we protect data through the technology that we utilize and that doesn’t depend on where we are based.

  • Hey, I’m a recent user and very infrequent at that — still, I would like to say thanks. Very nice job, very clean interface, love open source thing. Very impressed.

  • Hi guys,

    I have a ProtonMail account for a week now and here are some thoughts about your amazing service. I have the feeling that your bigger strength is also the biggest challenge of ProtonMail. You managed to deliver a robust product with a nice and polished design, I mean it is easy to use, nice looking, etc… but then I realized that ProtonMail is (kind of) useless if you do not manage to have an important part of your contact using it. On one side not many people have highly sensitive mail to send (they represent a small amount of your users. I assume) and on the other side I am afraid that the average user (although concerned by privacy) of protonmail will get bored of the restrictions required by your very secure design when most of his emails are send to @gmail, @hotmail, etc…

    I am convinced that custom domain will help to migrate existing email addresses to your service, increasing the user base and therefore the purpose of protonmail for an everyday use. Moreover, a lot of important email are business related inquires and no company will drop their @myCompany for a @protonmail (although it would be a great step towards protecting their communication).

    But then I am asking myself. Since your are talking about doing iOS/Android apps to make protonmail easier to access for everyone. Obviously you target to reach more people than just the ones with highly sensitive information to share. Do you plan to develop instant messaging services?

    I really believe that a great functional instant messaging app (like Whatsapp but without facebook on top) is what most users are waiting for. Because the email is like outdated (I personally write 1 email for about 1000 messages) but more importantly because 1000 messages contain for about me than 1 even important email.

    This post is a way to give you my point of view about protonmail, and what would be the ideal solution for me. I didn’t take part to your feedback because no answer really suit my thoughts. However, taking about money, I would be ready to pay up to 10 dollars per year for great instant messaging app. If you allow custom domain name, I would definitively be ready to subscribe to protonmail for email hosting.

    Hope this can help! Again Congrats for the current state of your product. Keep going!

    Cheers from Zürich!

    • I differ your opine in here

      “but then I realized that ProtonMail is (kind of) useless if you do not manage to have an important part of your contact using it. On one side not many people have highly sensitive mail to send (they represent a small amount of your users. I assume) and on the other side I am afraid that the average user (although concerned by privacy) of protonmail will get bored of the restrictions required by your very secure design when most of his emails are send to @gmail, @hotmail, etc…”

      That is the reason the literate folks like users of protonmail should help educate. I get that a lot, “hey why do I need privacy, I am not doing anything wrong.” I usually try to explain them with reasoning and they get it.

      The reason we should hail (yeah I know I used that word) protonmail is for giving us back the email which we thought was ours. The original idea of email was I send it to you and only you read it and the topic is closed.

      Unlike what we have now in @gmail, @yahoo, @hotmail is, I send it, they all read and modify it place ads before anyone even get to see it. One should feel being ripped off of their shield for violating my personal space. It happens the same way even if I were to pay money and buy a domain off of any providers. Ads, correlations and invasion of privacy.

      ProtonMail does the exact opposite of it. Breaks away the barriers of anyone reading the mail to whom it was not intended. Securing my email for all purpose intended.

    • Hi,

      protonmail has feedback request for chat called protonchat
      However, protonmail is a mail service designed for encrypted email not for messaging service. If you are interested on secure encrypted messaging service with open source application similar to whatsapp, you should take look at telegram Moreover, you should take a look at this

      Best Regards

    • The best way for Protonmail to secure an account is a checkbox for receiving mail only from other Protonmail accounts. Or perhaps a general whitelist. Everything else would bounce back to sender. You would tell friends, use Protonmail to reach me. Those who care enough will do so.

  • Hi, i signed up a few days ago for an mailadress. How much time do you need to extend your capacities?
    How long is the waiting time for new users?

    best wishes

    • We don’t have an average waiting time for new users. We plan on sending many more invitations soon, so you should receive yours shortly.

  • Absolutely love protonmail, and I’m ecstatic about the coming native mobile applications mentioned. In that vein, is there any possibility of native desktop applications on the horizon (specifically linux, maybe even a CLI app)?

  • Re: Pop3 access

    Thanks for the work on this, As along time PGP/GPG user I understand the concepts and the goal you are working towards. However, many of us have understandable questions about the security of browsers out there (not to mention the platforms they run on). If the option of private key download (TLS) then POP3 access of the Inbox, the integrity of your model would not be compromised and allow decryption of the message in other, non browser, programs as well as use of browser in mobile devices.

    It would allow non-tech savvy users to communicate securely with accounts without going through the learning curve associated with PK encryption. Non Account plain text messages are still arriving at your servers via SMTP and are only protected once they hit. And POP3 downloads should be as secure as regular RSA OpenPGP messages. The only hang up would be the private key download; but if your passphrase is good, that shouldn’t be an issue.

    Thanks again-

  • Hi!

    I’ve received an invite but its not in my inbox or my spam folders, is there any way I can get it resent?


  • My primary question is: Do you plan to develop instant messaging services? I noticed it has been asked before without a response.

    I have no idea what that would involve, but I’m starting to utilize IM and Cell Texting more than email and I really think the trend is heading in the same direction.

    Thank you for what you have done!!! It is very much appreciated!!! Keep up the GOOD WORK!!!

      • sorry for disturbing but I’ve got one quick question (out of topic above): in composing a new mail, today is a place only for ONE recipient!!! Maybe I’m wrong but If I’m right my question: HOW to compose a mail addressed to several/multi recipients??
        Hugs for “admin” and protonmail team and “useres”

  • Thank You so much for this huge, and easy step to more privacy !!!

    I did read about GPG in the future, and happily waiting for it, to use it in Apples Mail, where GPG is waiting.

    By the way,- german for Switzerland would be fun to 🙂

    wish You good luck for this project

  • >Recently, we completed the first native OpenPGP libraries for both iOS and Android which will be launched in our upcoming encrypted email mobile apps.

    Any plans for WP apps?

  • At a glance, I didn’t notice an on-screen keyboard option to thwart keystroke loggers. Did I miss it somewhere?

    If not, is this planned for a future release?

  • hi, i have recently an account on proton mail, but i have in the past and account on yahoo.
    there is an opcion in wich my old mail automatically send all the emails to my new protonmail.
    P.D: Im sorry if this question is in other publication but i was looking and i dont fount it, i didnt even know the name of that accion or if that exist :/…

    • Yes, this should be possible, in your Yahoo Mail, it should be possible to set a mail forwarding to forward all your mails to ProtonMail.

  • First of all i would like to thank the team behind this amazing,crazy and futuristish service.
    I have also noticed that no question from the users was left unanswered, which unswered the questions i had and added some lights to things i didnt think about, like mail forwarding.

    second thanks to you protonmail users to ask the right questions, give feedback and suggestions.
    As user myself i am very proud to be a member of this promissing comunication service.
    My friends are going to be jealous about this.

    Finally i have the feeling this is not the last time i am doing this, althoug i can’t promess you my english would be better by then, but my mails are sealed.