They private key is being sent to the server. Can't stress this enough. How else can you access your mail on a new device with your primary device disconnected?
"Your ProtonMail private key is stored encrypted on your browser using your mailbox password. It is sent to our servers in the encrypted form. The only time it is decrypted is when you correctly enter your mailbox password." [1]
fun fact: the webcrypto api does allow marking a key as non-exportable. So you could imagine deriving the key from the passphrase and having it only exist within the WebCrypto framework.
It is however going to be hard to prevent a malicious active attacker from stealing the passphrase.
The webcrypto api also can't stop the server from sending malicious javascript to a user which when run uses the webcrypto key to decrypt the user's data and send it back to the server. Also, if the server is malicious on the first connection, then the server could just not use the webcrypto api to begin with, and just make use a key that the server knows instead.
The webcrypto api is still pretty cool though. I've been hoping for an excuse to use it sometime.
stabbles|8 years ago
"Your ProtonMail private key is stored encrypted on your browser using your mailbox password. It is sent to our servers in the encrypted form. The only time it is decrypted is when you correctly enter your mailbox password." [1]
[1] https://protonmail.com/support/knowledge-base/how-is-the-pri...
amenghra|8 years ago
It is however going to be hard to prevent a malicious active attacker from stealing the passphrase.
AgentME|8 years ago
The webcrypto api is still pretty cool though. I've been hoping for an excuse to use it sometime.