proton-sdk-rs
A pure-Rust reimplementation of the Proton Drive SDK.
This repository contains two primary crates that replicate the functionality of the official Proton SDKs (available locally in the sdk/ submodule). Rather than relying on FFI bindings to the official C# NativeAOT core, proton-sdk-rs is a pure-Rust implementation. It communicates directly with the Proton Drive API over HTTP and performs all OpenPGP cryptographic operations natively using the pgp (rPGP) crate.
[!NOTE] This is an unofficial, third-party project and is not affiliated with or endorsed by Proton. Applications building on top of this SDK must adhere to the operational guidelines of the upstream SDK (such as setting an honest
x-pm-appversionheader, using event-based sync, and avoiding Proton branding). Detailed requirements are documented in the upstream sdk/README.md.
Proven in Action
This SDK is the core engine powering the following real-world projects:
- proton-drive-linux: A native client and daemon for mounting and syncing Proton Drive on Linux systems, utilizing both crates provided by this repository.
Workspace Structure
The workspace is divided into two crates, mirroring the separation of concerns in the upstream C# codebase:
| Crate | Version | Docs | Analogue | Description | Key Modules / Entrypoint |
|---|---|---|---|---|---|
crates/proton-sdk |
Proton.Sdk |
Foundational account, session, HTTP client, and OpenPGP cryptography. | ProtonApiSession |
||
crates/proton-drive-rs |
Proton.Drive.Sdk |
High-level Drive & Photos client operations, folders/links management, uploads/downloads, events, caching. | ProtonDriveClient, ProtonPhotosClient |
OpenPGP features are powered by rPGP (version 0.20), and HTTP requests are built on reqwest.
Current Feature & Parity Status
proton-sdk-rs implements Milestone 2 (Authenticated Read/Write). Parity with the official C# SDK (pinned at the upstream commit documented in UPSTREAM_SYNC.md) is actively maintained.
Feature Matrix
| Module | Feature | Rust Status | Notes / Upstream Parity |
|---|---|---|---|
| Session | SRP-6a Login | ✅ | Password-based authentication via begin / SRP-6a proofs. |
| TOTP 2FA | ✅ | Support for applying second-factor TOTP codes. | |
| Token Refresh | ✅ | Scope refresh and transparent 401 token refresh. | |
| Resume Session | ✅ | Restore clients instantly via serialized tokens. | |
| HTTP Client | Retries & Jitter | ✅ | Exponential backoff for 408, 429, and 5xx, respecting Retry-After. |
| Telemetry | ✅ | Pluggable request tracking (ITelemetry analogue). |
|
| Drive / Volume | Volume Resolution | ✅ | Auto-resolves volume lists; auto-creates the my-files root volume on first login. |
| Node Listing | ✅ | get_node, enumerate_folder_children, enumerate_trash with key resolution. |
|
| File Operations | ✅ | Rename, trash, restore, delete, empty trash. | |
| Move Operations | ✅ | Same-volume move. Batch moves are chunked automatically. | |
| Cross-volume Move | ❌ | Not supported (throwing NotImplementedException in the C# public API too). |
|
| Sharing | ❌ | Sharing APIs are omitted (absent in C# public API). | |
| Uploads | Block Uploading | ✅ | Encrypts and uploads chunks (4 MiB default) to block storage. |
| Streaming Upload | ✅ | Streams uploads from any type implementing std::io::Read. |
|
| Revision Control | ✅ | Create drafts, upload blocks, and seal new file revisions. | |
| AEAD Block Support | ✅ | SEIPDv2 / AES-256-GCM AEAD encryption alongside legacy SEIPDv1 (AES-256-CFB). | |
| Inline Thumbnails | ✅ | Generates and encrypts inline-signed thumbnails. | |
| Downloads | Block Downloading | ✅ | Streams block retrieval, decryption, and signature checks. |
| Content Integrity | ✅ | Verification of file manifests and block-level SHA-256 digests. | |
| Signature Verification | ✅ | Detached signature verification (non-fatal, reports status). | |
| Photos | Photos Timeline | ✅ | ProtonPhotosClient maps photostream, timeline enumeration, and photo downloads. |
| Photo Uploads | ✅ | Uploading photos with PhotoUploadMetadata (capture time, tags, grouping). |
|
| Photos Volume Create | ❌ | Volume creation is not yet ported. | |
| Caching | Pluggable Cache | ✅ | Pluggable entity cache (with_entity_cache); keys/secrets remain strictly in memory. |
Deep Dive: Cryptographic Implementation
Proton Drive relies on client-side zero-knowledge encryption. The security architecture is built on a layered key model.
1. Layered Key Hierarchy
To perform any read or write operation, you must supply the user's mailbox (data) password in addition to the API session tokens. Decryption cascades as follows:
[Mailbox Password] + [Key Salt]
│
▼ (bcrypt key-passphrase derivation)
[Key Passphrase]
│
▼ (unlocks)
[User Private Keys]
│
▼ (decrypts)
[Address Key Token] ──► [Address Private Key]
│
▼ (decrypts)
[Share Passphrase]
│
▼ (unlocks)
[Share/Node Private Key]
│
├──────────────────────────────┐
▼ (decrypts metadata/names) ▼ (decrypts content packet)
[Decrypted File Name] [Content Key (Symmetric AES-256)]
│
▼ (decrypts)
[File Ciphertext Blocks]
- Passphrase Derivation: The user's mailbox password is derived into a key passphrase via
bcryptusing salts fetched from the API. See derive.rs. - User & Address Keys: The key passphrase unlocks the primary user keys. These keys are used to decrypt the tokens representing the user's address keys. Once unlocked, the address keys allow verification of signatures and unlocking of share keys. See keys.rs.
- Share & Node Keys: Nodes (files and folders) belong to shares. A share's passphrase is decrypted by the address key. The decrypted share passphrase is used to unlock the node's private key (usually X25519/Ed25519 or legacy RSA).
- File Content Keys: Files contain metadata and data blocks. The file's name and passphrase are encrypted. The symmetric Content Key (AES-256) is encapsulated in a PGP Public-Key Encrypted Session-Key (PKESK) packet addressed to the node key. See content.rs.
2. Download Pipeline
When streaming a file download via download_file or download_file_to:
- Resolve and Decrypt Content Key: The PKESK packet
ContentKeyPacketis retrieved from the node metadata and decrypted using the unlocked node private key, yielding theContentKey(the symmetric session key). - Retrieve Block List: The client requests the active revision block list. Each block is represented by an absolute URL (
BareURL) and requires a one-timepm-storage-tokenheader (bearer auth is not sent to block storage hosts). - Stream & Decrypt Blocks:
- The block's ciphertext is downloaded.
- For legacy files (SEIPDv1): The ciphertext is decrypted using the content key in AES-256-CFB mode with MDC verification.
- For AEAD files (SEIPDv2): The ciphertext is decrypted using the content key in AES-256-GCM mode with 128 KiB chunk sizes.
- Integrity & Signature Verification:
- The client computes the SHA-256 hash of each ciphertext block and compares it against the digests specified in the file's Content Manifest.
- The manifest's signature (
ManifestSignature) is verified. The public keys for verification are resolved dynamically from the author's address (viacore/v4/keys/all). - Signature verification is non-fatal: a verification failure yields a
VerificationStatusbut does not block read access. See verify.rs.
3. Upload Pipeline
When uploading a file:
- Generate Node & Content Keys: The client generates a fresh node keypair (Ed25519/X25519) and a random AES-256 content key.
- Prepare Draft:
- The node passphrase is encrypted under the parent folder's key.
- The file name is encrypted and hashed (HMAC-SHA256) under the parent's keys.
- The content key packet is generated by encrypting the content key to the file's node key.
- A draft revision is registered via
POST v2/volumes/{vid}/files.
- Upload Blocks:
- Files are split into blocks (typically 4 MiB).
- Each block is encrypted into a PGP SEIPD packet (either SEIPDv1 or SEIPDv2/AEAD).
- A detached plaintext signature is generated for the block and encrypted to the file's node key.
- The encrypted block is POSTed to the storage endpoint.
- Seal Revision:
- Once all blocks are uploaded, the client compiles the Content Manifest (concatenated SHA-256 block hashes + encrypted XAttr metadata block).
- The manifest is signed using the address key (
ManifestSignature). - The revision is closed and finalized using a
PUTrequest. See client.rs for the upload orchestration logic.
4. Same-Volume Move Cryptography
Moving a file or folder within the same volume is an offline cryptographic operation that avoids re-uploading file data.
- Passphrase Rewrapping: The node's passphrase must be re-encrypted from the source parent's key to the destination parent's key.
proton-sdk-rsperforms this by decrypting the passphrase session key and re-encrypting it (rewrap_message_to), creating a new detachedNodePassphraseSignature. See content.rs. - Metadata Update: The file name is re-encrypted under the destination's name key, and the name's search hash is recalculated under the destination's hash key. These are submitted via the batch move endpoint.
Usage Example
The following code illustrates performing an SRP login, resolving the My Files root, and listing its immediate children.
use ProtonClientConfiguration;
use ProtonApiSession;
use ProtonDriveClient;
async
If you have pre-saved session tokens, you can skip the login flow and resume the session immediately using ProtonApiSession::resume.
A live smoke test exists in live_login.rs (which reads credentials from a local .env and PROTON_TOTP_SECRET env var):
PROTON_TOTP_SECRET=...
Development & Testing
Building
Ensure you have Rust installed (tested with Rust 1.75+).
Running Tests
Unit tests verify the offline SRP math, key derivation, and block cryptosystems:
Live Integration Tests
The live test suite runs read, write, upload, download, and event sync flows against a real Proton account. These tests are ignored by default. To run them, create a .env file at the root containing:
username=your_test_user@proton.me
password=your_mailbox_password
Then run:
# Run tests sequentially using a single thread (to prevent TOTP overlap and anti-abuse limits)
PROTON_TOTP_SECRET=your_base32_totp_secret
License
This project is licensed under the MIT License, matching the license of the upstream SDK. See LICENSE for details. Use of Proton's hosted services remains subject to Proton's terms of service.