ProtonMail releases PGP encryption library for the Go programming language

Aims to make it easier for developers to add end-to-end cryptography to their apps

Encrypted email and VPN provider ProtonMail has unveiled an open source project called GopenPGP, designed to make it easier for mobile and desktop developers using the Go language (golang) to use OpenPGP encryption in their apps.

The project includes a fork of the original Go cryptography libraries plus a new GopenPGP wrapper library created by ProtonMail which abstracts away many of the complex cryptography making the Go library easier to use, the firm claims.

"Developers working on apps can integrate end-to-end encryption into their products using simple commands (like sign, encrypt, decrypt, etc.) without needing to understand complicated cryptography concepts," a ProtonMail press release said.

"This high-level interface is compatible with go-mobile, a popular tool for building mobile apps written in Go," it added in a blog post.

The code has been reviewed by cyber security consultancy SEC Consult. The seven-day review unearthed one high-risk and one medium-risk vulnerability, but after repeat tests concluded ProtonMail had fixed them.

ProtonMail says the release of the project should enable it to open source the desktop and mobile app versions of its email client; the source code for the web app has been open since 2015.

The company has been in discussion with the maintainers of the golang OpenPGP project about integrating its fork - which includes new features, bug fixes, security improvements and support for elliptical curve cryptography - back into the main project, but plans to maintain its code separately for the time being. The company also maintains OpenPGP.js, a JavaScript email encryption library.

"Our mission to give people more privacy on the internet, not less," said founder and CEO Andy Yen in a statement.

"For us, that means more open source code. It means following open standards and building interoperable software. And it means contributing to the developer community with projects like OpenPGP.js and GopenPGP."

GopenPGP is free and open source software released under the MIT licence.