It additionally employs TLS certificate public key pinning to ensure it only connects to trusted Proton Mail servers. The user’s hashed and salted mailbox password (used to decrypt their PGP keys) and Bridge password (used to connect an email client to Bridge) are also held in the operating system’s keychain.Įnsuring a secure connection to Proton servers Bridge communicates with the Proton Mail API over an encrypted TLS connection. The refresh token is used to generate new access tokens and is stored securely in the operating system’s keychain (Windows Credentials Manager, macOS Keychain, or pass/gnome-keyring on Linux). The access token is relatively short-lived and is used to authenticate any subsequent API requests it is stored in the device’s memory. This authentication process ensures a user’s password never leaves their machine, and it generates an access token and a refresh token. Your passwords never leave your machine Users log in to Bridge, which in turn authenticates with the Proton Mail API using the Secure Remote Password protocol (new window). We explain how Bridge secures this sensitive data in greater detail below. Encrypted messages, attachments, and metadata.Public and private keys for sending and reading messages.User credentials and an access token for authentication with the Proton servers.
This data includes (but is not limited to): Bridge security featuresĪs part of normal, day-to-day operations, Bridge must handle different types of data with varying levels of sensitivity. You can view Bridge’s open source code on GitHub (new window), review the security audit report by SEC Consult, and read more about it in our open source Bridge announcement (new window). You can also read more about what Proton Mail is and is not designed to protect you from in the Proton Mail threat model (new window). This security model is technical in nature, but was written in plain language so that the average user can understand the important takeaways. (Note: This security model applies to the Bridge application for Linux, macOS, and Windows.) This document discusses how Bridge handles sensitive information, describes its potential attack vectors, and explains the security features that mitigate these attacks. It allows for full integration of your Proton Mail account with email clients like Microsoft Outlook, Mozilla Thunderbird, and Apple Mail. Proton Mail Bridge is a desktop application that runs in the background on your computer and encrypts and decrypts your mail as it enters and leaves your device. Last update on NovemPublished on April 15, 2020
0 kommentar(er)
