TypeScript protoncalendar

Open-source TypeScript projects categorized as protoncalendar
Edit details
Topics: protoncontacts Protonmail protondrive Monorepo React
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

TypeScript protoncalendar Projects

  • ProtonMail Web Client

    Monorepo hosting the proton web clients

    • Project mention: Proton Mail Discloses User Data Leading to Arrest in Spain | news.ycombinator.com | 2024-05-07

    > Is this password-derived key the "account key" which I see in the Proton Mail settings interface?

    No, the account key is an OpenPGP key which is encrypted with a key derived from your password. The "key encryption key" is not separately visible. The address keys are in turn encrypted using the account key.

    > Please clarify what key derivation function is being used.

    We use bcrypt, in addition to the OpenPGP S2K (i.e. the bcrypt output is fed as the "password" to OpenPGP's key encryption).

    We are in the process of rolling out OpenPGP.js v6, which supports Argon2 for the OpenPGP S2K step, after which we'll start using that - but we aren't quite yet.

    > Are there instructions for verifying that all this is happening? I think a lot of folks on HN won't be convinced otherwise.

    Take a look at https://github.com/ProtonMail/WebClients/blob/main/packages/..., for example. Though to be honest, if you want to verify that we aren't sending the password to the server anywhere, in principle you'd have to check the code of the entire web app. It's all open source, but it's a lot of work, of course. But you can also check the latest audit report: https://proton.me/blog/security-audit. They also verified all of this stuff.

    > It's just that I'm going to create an OpenPGP identity for things like signing code commits on git, signing packages I publish. (...) So I was really hoping to be able to use Proton Mail with this identity instead of the key pair that's generated for the account.

    Yeah, I understand. Though, the typical advice from a cryptographer's perspective would be, it's better to use separate keys for separate purposes; and the simplest way to do that is to generate separate OpenPGP certificates, so that's what we'd generally recommend. But, if you want to generate separate subkeys and sign them all using a common primary key, that's also reasonable enough. And, we can improve the documentation on that, although it's a bit of a niche use case (not for HN of course, but for the general audience it is).

    > Thanks for reaching out here on HN. I've been a really happy Proton Mail customer and now I'm even happier.

    Thanks, glad to hear! :)

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Index

Project Stars
1 ProtonMail Web Client 4,114

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com