proton URL

protonURL

Secure and confidential sharing

Secured End-to-end encrypted   Unique Single use

(optional, by default your content is encrypted with a protonURL secret key)
Remember to write down your secret key on your side and send it to the recipient of the protonURL so that he can discover its content.
Without this key it will be impossible to retrieve the content of this protonURL because we do not keep your key.
Advanced options

Tool used to share information secret, private or non-private
with a link whose content will be deleted on first reading.

Frequently asked questions

Do you want to create a pre-filled link?

You can link to protonURL with the text box pre-filled to have the protonURL ready to be created. To do this, you just need to create a link like:
https://protonurl.ch?prefilled=TG9yZW0gaXBzdW0KZG9sb3Igc2l0IGFtZXQ=

The content of the "prefilled" field must be encoded in base64. Here is an example code in PHP:
<a href="https://protonurl.ch/?prefilled=<?php echo base64_encode("Login: my-login\nPassword: my-password"); ?>" target="_blank">Bouton</a>

You can also include the language to redirect the visitor directly to your language:
<a href="https://protonurl.ch/en?prefilled=<?php echo base64_encode("Login: my-login\nPassword: my-password"); ?>" target="_blank">Bouton</a>

Please note, this feature is intended for experienced users, use these pre-filled links with care, they should only be displayed to people who are already aware of the content or to whom this content is voluntarily sent, and not to the public. The "prefilled" content encoded via base64 is not encrypted, this encoding is used simply to facilitate the creation and sharing of the link. We decline all responsibility in the event of misuse of our system.

Proof of deletion

Deletion proofs certify that a URL's content has been permanently destroyed — after being read or upon expiration.

Since version 2, each proof is cryptographically signed with protonURL's ECDSA private key. Anyone can verify it independently using the published public key — no server trust required.

To verify independently:

# 1. Fetch the proof from the API
PROTONURL="bfbc58a32b5a2fbeb18282a7944f0a56d626b0b6921408f2d35f950bdeb147dd"
curl -s "https://api.protonurl.ch/deletion_proof/$PROTONURL" > proof.json

# 2. Extract fields from JSON
URL=$(jq -r '.data.url' proof.json)
HASH=$(jq -r '.data.hash' proof.json)
DELETED_AT=$(jq -r '.data.deleted_at' proof.json)
REASON=$(jq -r '.data.reason' proof.json)
SIG=$(jq -r '.data.signature' proof.json)

# 3. Verify the signature
curl -s "https://protonurl.ch/public-key.pem" > public-key.pem
printf '%s' "${URL}|${HASH}|${DELETED_AT}|${REASON}" > data.txt
echo "$SIG" | base64 -d > sig.bin
openssl dgst -sha256 -verify public-key.pem -signature sig.bin data.txt

Concrete example

# proof.json :
# {
#   "data": {
#     "version": 2,
#     "url": "bfbc58a32b5a2fbeb18282a7944f0a56d626b0b6921408f2d35f950bdeb147dd",
#     "hash": "57837d70babaa970d2f65bc78a88db497316cb20ff2f4724983c86d1623367a9",
#     "deleted_at": "2026-03-13 11:35:00",
#     "reason": "expired",
#     "signature": "MEUCIEN2lbCJ3uuG///Q1TWGjXbjUUjO7If5iOv5nkFpwa7IAiEA23/cDclK6YuEx/qzoQTHLXeNWug55TYnUgznz/S/nYU="
#   }
# }

# data.txt will contain :
# bfbc58a32b5a2fbeb18282a7944f0a56d626b0b6921408f2d35f950bdeb147dd|57837d70babaa970d2f65bc78a88db497316cb20ff2f4724983c86d1623367a9|2026-03-13 11:35:00|expired

# openssl will output :
# Verified OK
Download public key