ProtonMail uses the latest web technologies to secure your data. In order for these technologies to work, you must use a browser that supports the Web Cryptography API (Web Crypto). In this article, we explain what Web Crypto is.
What is the Web Crypto API?
The Web Cryptography API is a set of functions implemented by the browser that provide common cryptographic operations, such as encrypting and decrypting data and generating the cryptographically secure random numbers required for generating secure random private keys.
These operations are implemented natively by the browser, rather than in our web application. There are a few reasons for this:
- A native implementation in the browser is often faster. For example, it can leverage hardware-based support for AES encryption and decryption, resulting in improved performance.
- It is easier to ensure that a native implementation is resistant to timing attacks.
- All modern operating systems have a means of collecting entropy to generate the truly random numbers required for secure encryption. A native browser implementation is required to allow the web application to make use of this secure randomness.
Most modern browsers support the Web Crypto API, including recent versions of Firefox, Chrome, Safari, Edge, and Opera. However, Internet Explorer 11 only supports an older version of the API, and is therefore not supported by ProtonMail.