-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does pushbits server support end-to-end encryption? Messages are sent unencrypted to Matrix. #24
Comments
Hi @sunrisepi, thanks for bringing this up! I checked the documentation of the official Matrix library for Go, and it appears that E2E is not supported (yet). However, it turns out that the developers are working on a solution that will work for clients in other languages, too. I will set a reminder for next weekend to try work out a plan. I don't think there will be an immediate fix, but I'm happy to try my best. |
Thanks @eikendev! I look forward to your updates. By the way, I discovered Pantalaimon last night too! I am using a Raspberry Pi on ARM (32bit), and as you could probably imagine there are not always Docker images available for it. The same was true for Pantalaimon, so I had to build my own Docker image in order to try this out. Of course it didn't build correctly the first time and when I went to the Github issues page for the software, I saw that someone else had already opened an issue: matrix-org/pantalaimon#76. With a lot of diligence I was able to work past the OpenSSL failure, then discovered a Rust installation fault (was able to resolve that too!) and actually get a working image built! 😁 I posted my findings there for others in case it could help someone else. I was wondering if Pantalaimon could be used with PushBits in its native format, but based on your response it looks like PushBits may need some updates to accommodate/work with Pantalaimon. Thanks very much for PushBits, I think it's a cool software! If it could be expanded to support end to end encryption, that would be even better. 👏 🍺 😄 |
FYI @eikendev, I tried using PushBits with Pantalaimon and received an "i/o timeout" response. It doesn't seem to work. Maybe because I haven't configured things right, or maybe because PushBits requires some updates to work with Pantalaimon. I am sharing my findings in case they are helpful. Built Pantalaimon Docker image and it seems to work OK. I have this in the config, pantalaimon.conf:
Next, the config for PushBits (config.yml). I commented out https://matrix.org and replaced it with the Pantalaimon proxy (the server Pantalaimon is running on, at port 8008, as shown above in its config: ListenPort):
I started Pantalaimon and it seems to work OK:
When I visit http://192.168.1.43:8008/_matrix/client/r0/login in my local browser, I see Matrix content, which seems to indicate that the proxy is working... as I am going to my local IP on the port (8008) of Pantalaimon, and I am seeing content from https://matrix.org. Partial screenshot below: Now I start up PushBits, and see this in the log - i/o timeout: When I update PushBits config to point to Matrix.org again, then PushBits works fine, sending unencrypted notifications. So it seems the step where we are trying to use Pantalaimon, isn't working. Sharing this so it is confirmed how things work now. Thank you! |
May be worth a mention that when using the |
That's a good point @vszakats! I'll prioritize this issue once I'm freed up a bit. A first look let me think fixing this issue properly will take some more effort. |
There still seems to be no change to the current situation, the official go client does not support e2ee and pantalaimon is not yet very polished. For me there are 2 options here:
If we can commit on one of this approaches I might investigate further into this topic in the next weeks. |
I thought about switching to mautrix-go for a while because the official library only supports an old version of the protocol. The whole pantalaimon seems kind of error-prone/complicated. What do you think? |
I already used mautrix-go in other projects, the documentation is not the best and it would be a lot of work to change to it. Pantalaimon is totally new for me, never worked with it. The official go library does not provide a future proof path so we should find an alternative solution. Pantalaimon in my eyes seems to go the same route as the matrix go library with no really reliable future plan. So switching to mautrix will open new possibilities for us which would be great but it comes at the cost of reworking a lot of code. |
I agree that neither solution is perfect, which is part of the reason this issue is still open. But provided that the official library does not seem future-proof to us we may want to consider switching to mautrix-go. I imagine since they support the same API (but different version), the calls will be sort of similar? |
Yeah they will share some of the structure. So I will open a new branch and play a bit with it. |
Looked into this a bit today. Found an mautrix/go issue with links to E2EE examples: mautrix/go#19 According to that, the best example is matrix-vacation-responder, specifically the interesting parts are:
Just thought I'd link that even though I'm not working on it (or even a pushbits user, was just evaluating whether it's right for me). |
The project's current description on GitHub says:
I'd suggest updating the GitHub description and removing the strong focus on security part, as I feel it is slightly misleading at this stage. |
@mrusme, thank you for that feedback. I agree with you, please check if the updated description makes sense. |
Hello! I like what I see so far with pushbits. Thanks very much for creating it. How I am using it:
I noticed the following:
Curve25519 identity key
none
Claimed Ed25519 fingerprint key
none
Algorithm
unencrypted
I am wondering why messages I send to my local pushbits server, are not relayed to Matrix using end-to-end encryption. Would it be possible to enable this in some way?
I also noticed when I built my own local Docker image that there was a warning in the SSL certificate section (in bold below). I wonder if this could be contributing to the lack of encryption. Thank you for any information you could share... much appreciated.
FYI, I modified the first line in the Dockerfile to the following: FROM arm32v7/golang:alpine as builder
+ update-ca-certificates
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
The text was updated successfully, but these errors were encountered: