Verifying the ProtonMail Bridge package for Linux

We provide a signature to verify that the Bridge software you download originates from us. For Windows and Mac, this check is performed automatically during installation. Linux packages, however, require an additional security check from the user.

ProtonMail Bridge supports both .deb and .rpm versions. If you use the .deb version, the instructions are below. If you use the .rpm version, scroll down to find your instructions. 

How to verify the DEB package

The ProtonMail Bridge DEB package is signed using the program debsigs. To verify the package’s signature, you need to install:

sudo apt-get install debsig-verify debian-keyring

The Bridge app’s public key bridge_pubkey.gpg can be found here.

To import the Bridge app’s public key to your keyring, use the following commands:

sudo mkdir -p /usr/share/debsig/keyrings/E2C75D68E6234B07

sudo gpg --dearmor --output /usr/share/debsig/keyrings/E2C75D68E6234B07/debsig.gpg bridge_pubkey.gpg

The Bridge app’s policy file, bridge.pol, can be found here.

If you are using Ubuntu 16.04 or derivatives, you need to change the xml namespace to http://…

sed -i s,https://www.debian.org,http://www.debian.org, bridge.pol

Install the policy file

Use the following commands to install the policy file.

sed -i s,https://www.debian.org,http://www.debian.org, bridge.pol

sudo mkdir -p /etc/debsig/policies/E2C75D68E6234B07

sudo cp bridge.pol /etc/debsig/policies/E2C75D68E6234B07

To check deb file run

debsig-verify protonmail-bridge_1.2.6-1_amd64.deb

The successful result should look like this:

debsig: Verified package from 'Proton Technologies AG (ProtonMail Bridge developers) <bridge@protonmail.ch>' (Proton Technologies AG)

Instruction to verify RPM package

The ProtonMail Bridge RPM package is signed using the rpm –sign.

The public key bridge_pubkey.gpg can found here.

To import the Bridge app’s public key to your keyring, use the following instructions:

sudo rpm --import bridge_pubkey.gpg

To check the .rpm file run:

rpm --checksig protonmail-bridge-1.2.6-1.x86_64.rpm

The successful result should look like this:

protonmail-bridge-1.2.6-1.x86_64.rpm: digests signatures OK

In the commands, make sure you enter the latest version of the Bridge app. If the latest version is displayed as v1.2.6, enter it as 1.2.6.-1

How to verify the PKGBUILD

This is not necessary. The package is verified automatically during the build.