Skip to content

Latest commit

 

History

History
109 lines (70 loc) · 3.2 KB

README.md

File metadata and controls

109 lines (70 loc) · 3.2 KB
Raw

hydroxide

A third-party, open-source ProtonMail bridge. For power users only, designed to run on a server.

hydroxide supports CardDAV, IMAP and SMTP.

Rationale:

  • No GUI, only a CLI (so it runs in headless environments)
  • Standard-compliant (we don't care about Microsoft Outlook)
  • Fully open-source

Feel free to join the IRC channel: ##emersion on irc.freenode.net.

How does it work?

hydroxide is a server that translates standard protocols (SMTP, IMAP, CardDAV) into ProtonMail API requests. It allows you to use your preferred e-mail clients and git-send-email with ProtonMail.

+-----------------+             +-------------+  ProtonMail  +--------------+
|                 | IMAP, SMTP  |             |     API      |              |
|  E-mail client  <------------->  hydroxide  <-------------->  ProtonMail  |
|                 |             |             |              |              |
+-----------------+             +-------------+              +--------------+

Can this be used to send email encrypted with a key that is unknown to ProtonMail?

No, ProtonMail doesn't allow encryption via your own keys in Enigmail / Gnupg client. Just like in ProtonMail's Bridge app, you will get an error when trying to send email that has already been encrypted with a PGP key they don't recognize:

554 5.0.0 Error: transaction failed, blame it on the weather: cannot upload attachment: [11101] Invalid input. Please check the message and try again.

If you provide ProtonMail with the private key through your account (not recommended), it may work, however this has not been tested.

Setup

Go

hydroxide is implemented in Go. Head to Go website for setup information.

Installing

Start by installing hydroxide:

GO111MODULE=on go get github.com/emersion/hydroxide/cmd/hydroxide

Then you'll need to login to ProtonMail via hydroxide, so that hydroxide can retrieve e-mails from ProtonMail. You can do so with this command:

hydroxide auth <username>

Once you're logged in, a "bridge password" will be printed. Don't close your terminal yet, as this password is not stored anywhere by hydroxide and will be needed when configuring your e-mail client.

Your ProtonMail credentials are stored on disk encrypted with this bridge password (a 32-byte random password generated when logging in).

Usage

hydroxide can be used in multiple modes.

Don't start hydroxide multiple times, instead you can use hydroxide serve. This requires ports 1025 (smtp), 1143 (imap), and 8080 (carddav).

SMTP

To run hydroxide as an SMTP server:

hydroxide smtp

Once the bridge is started, you can configure your e-mail client with the following settings:

  • Hostname: localhost
  • Port: 1025
  • Security: none
  • Username: your ProtonMail username
  • Password: the bridge password (not your ProtonMail password)

CardDAV

You must setup an HTTPS reverse proxy to forward requests to hydroxide.

hydroxide carddav

Tested on GNOME (Evolution) and Android (DAVDroid).

IMAP

For now, it only supports unencrypted local connections.

hydroxide imap

License

MIT