is an Electron-based unofficial desktop client for ProtonMail and Tutanota end-to-end encrypted email providers. The app aims to provide enhanced desktop user experience enabling features that are not supported by the official in-browser web clients. It is written in TypeScript and uses Angular.
The download page with Linux/OSX/Windows installation packages is here.
Snap packages are also available for installing from the following repositories (both repositories are being maintained by @joshirio):
- Open Source.
⚙️Reproducible builds. ⚙️Cross platform. The app works on Linux/OSX/Windows platforms. 📫Multi email providers support. ProtonMail and Tutanota at the moment. Tutanota support is deprecated since Jul 2019. 📫Multi accounts support per each email provider including supporting individual entry point domains. 🔓Automatic login into the app with a remembered master password using keytar module (keep me signed in feature). 🔓Automatic login into the email accounts, including filling 2FA tokens. Two auto-login delay scenarios supported in order to make it harder to correlate the identities, see the respective issue. 🔐Encrypted local storage with switchable predefined key derivation and encryption presets. Argon2 is used as the default key derivation function. 🔔Native notifications for individual accounts clicking on which focuses the app window and selects respective account in the accounts list. 🔔System tray icon with a total number of unread messages shown on top of it. Enabling local messages store improves this feature (how to enable), see respective issue. ⚙️Starting minimized to tray. ⚙️Closing to tray. ⚙️Switchable view layouts (full, tabs and dropdown). See details here and screenshots in the images folder. 📦Offline access to the emails. The local store feature enables storing your messages in the encrypted
database.binfile, so you could view your messages offline, perform a full-text search against them and export them to EML files. Enabled since v2.0.0 release.
📦Batch emails export to EML files. Feature released with v2.0.0-beta.4 version, requires
local messages storefeature to be enabled (how to enable).
🔎Full-text search. Enabled with v2.2.0 release. See the respective issue for details. 🔐Built-in/prepackaged web clients. The built-in web clients are built from source code, see respective official Protonmail and Tutanota repositories. See 79 and 80 issues for details. ⚙️Configuring proxy per account support. Enabled since v3.0.0 release. See 113 and 120 issues for details. 📝Spell Checking.
How to build your own installation package from source code
Building on Continuous Integration server
The reproducible builds idea is respected by the project. So the simplest way to prepare your own installation package from the source code is to clone the project and hook it up to the AppVeyor and Travis CI systems. The respective config files appveyor.yml and .travis.yml come with the project.
- Regardless of the platform you are working on, you will need to have Node.js v11 installed. v11 as it's recommended to go with the same Node.js version Electron comes with. If you already have Node.js installed, but not the v11, then you might want to use Node Version Manager to be able to switch between multiple Node.js versions:
- Install NVM.
nvm install 11.
nvm use 11.
- Some native modules require node prebuilds files compiling and for that Python and C++ compiler need to be installed on your system:
Windows: the simplest way to install all the needed stuff on Windows is to run
npm install --global --production windows-build-toolsCLI command. Tutanota and ProtonMail web clients projects require bash for building, so a few more steps need to be fulfilled:
- Install bash then check the path of bash ex:
npm config set script-shell "C:\\Program Files\\git\\bin\\bash.exe"command.
- Install bash then check the path of bash ex:
makeand a C/C++ compiler toolchain, like
GCCare most likely already installed. Besides keytar needs
libsecretlibrary to be installed.
Mac OS X:
python v2.7and Xcode need to be installed. You also need to install the
Command Line Toolsvia Xcode, can be found under the
Xcode -> Preferences -> Downloadsmenu.
- Clone this project to your local device. If you are going to contribute, consider cloning the forked into your own GitHub account project.
- Install Yarn.
- Install dependencies running
- Build app running
yarn run app:dist.
- Build a package to install running
yarn run electron-builder:distcommand to build Windows/Mac OS X package and one of the following commands to build Linux package:
yarn run electron-builder:dist:linux:appimage
yarn run electron-builder:dist:linux:deb
yarn run electron-builder:dist:linux:freebsd
yarn run electron-builder:dist:linux:pacman
yarn run electron-builder:dist:linux:rpm
yarn run electron-builder:dist:linux:snap
- If you don't need a package to install, but a folder to execute app from, simply run
yarn run electron-builder:dircommand.
- Binary executable, whether it's a folder or package to install, comes into the
To recap, considering that all the described build requirements are met, the short command to build let's say Arch Linux package will be
yarn --pure-lockfile && yarn app:dist && yarn electron-builder:dist:linux:pacman.
Data/config files created and used by the app
If you want to backup the app data these are only files you need to take care of (files localed in the settings folder):
config.jsonfile keeps config parameters. There is no sensitive data in this file, so unencrypted.
settings.binfile keeps added to the app accounts including credentials if a user decided to save them. The file is encrypted with 32 bytes length key derived from the master password.
database.binfile is a local database that keeps fetched emails/folders/contacts entities if the
local storefeature was enabled for at least one account. The file is encrypted with 32 bytes length key randomly generated and stored in
settings.bin. The app by design flushes and loads to memory the
database.binfile as a whole thing but not like encrypting only the specific columns of the database. It's of course not an optimal approach in terms of performance and resource consumption but it allows keeping the metadata hidden. You can see some details here.
database-session.binfile is being used in the same way and for the same purpose as
database.binbut it holds the current session data only. The data from this file will be merged to the
database.binon the next app unlocking with the master password.
log.logfile keeps log lines. The log level by default is set to
Removing the app
It's recommended to perform the following actions before uninstalling the app:
- If you had the
Keep me signed infeature enabled (see screenshot), click
Log-outaction in the app menu (see screenshot). That will remove locally stored master password (done with node-keytar). You can also remove it having the app already uninstalled, but that would be a more complicated way as you will have to manually edit the system's keychain.
- Remove settings folder manually. You can locate settings folder path clicking
Open setting folderapp/tray menu item (see screenshot) or reading