Does pushbits server support end-to-end encryption? Messages are sent unencrypted to Matrix. about server HOT 13 OPEN

Hi @sunrisepi, thanks for bringing this up!

I checked the documentation of the official Matrix library for Go, and it appears that E2E is not supported (yet). However, it turns out that the developers are working on a solution that will work for clients in other languages, too.

I will set a reminder for next weekend to try work out a plan. I don't think there will be an immediate fix, but I'm happy to try my best.

from server.

That's a good point @vszakats! I'll prioritize this issue once I'm freed up a bit. A first look let me think fixing this issue properly will take some more effort.

from server.

Looked into this a bit today. Found an mautrix/go issue with links to E2EE examples: mautrix/go#19

According to that, the best example is matrix-vacation-responder, specifically the interesting parts are:

• vacation_responder.go's crypto initialization code
• helper.go's SendMessage

Just thought I'd link that even though I'm not working on it (or even a pushbits user, was just evaluating whether it's right for me).

from server.

Thanks @eikendev! I look forward to your updates. By the way, I discovered Pantalaimon last night too! I am using a Raspberry Pi on ARM (32bit), and as you could probably imagine there are not always Docker images available for it. The same was true for Pantalaimon, so I had to build my own Docker image in order to try this out.

Of course it didn't build correctly the first time and when I went to the Github issues page for the software, I saw that someone else had already opened an issue: matrix-org/pantalaimon#76. With a lot of diligence I was able to work past the OpenSSL failure, then discovered a Rust installation fault (was able to resolve that too!) and actually get a working image built! 😁 I posted my findings there for others in case it could help someone else.

I was wondering if Pantalaimon could be used with PushBits in its native format, but based on your response it looks like PushBits may need some updates to accommodate/work with Pantalaimon. Thanks very much for PushBits, I think it's a cool software! If it could be expanded to support end to end encryption, that would be even better. 👏 🍺 😄

from server.

FYI @eikendev, I tried using PushBits with Pantalaimon and received an "i/o timeout" response. It doesn't seem to work. Maybe because I haven't configured things right, or maybe because PushBits requires some updates to work with Pantalaimon. I am sharing my findings in case they are helpful.

Built Pantalaimon Docker image and it seems to work OK. I have this in the config, pantalaimon.conf:

[Default]
LogLevel = Debug
SSL = True

[local-matrix]
Homeserver = https://matrix.org
ListenAddress = 0.0.0.0
ListenPort = 8008
SSL = False
UseKeyring = False
IgnoreVerification = True

Next, the config for PushBits (config.yml). I commented out https://matrix.org and replaced it with the Pantalaimon proxy (the server Pantalaimon is running on, at port 8008, as shown above in its config: ListenPort):

matrix:
    # The Matrix server to use for sending notifications.
    #homeserver: 'https://matrix.org'
    homeserver: 'http://192.168.1.43:8008'

I started Pantalaimon and it seems to work OK:

pi@pi:~/dockerapps/pushbits/data $ docker run -it --rm -v /home/pi/dockerapps/pantalaimon/data:/data -p 8008:8008 pantalaimon
======== Starting daemon for homeserver local-matrix on http://0.0.0.0:8008 ========
(Press CTRL+C to quit)

When I visit http://192.168.1.43:8008/_matrix/client/r0/login in my local browser, I see Matrix content, which seems to indicate that the proxy is working... as I am going to my local IP on the port (8008) of Pantalaimon, and I am seeing content from https://matrix.org. Partial screenshot below:

Now I start up PushBits, and see this in the log - i/o timeout:

When I update PushBits config to point to Matrix.org again, then PushBits works fine, sending unencrypted notifications. So it seems the step where we are trying to use Pantalaimon, isn't working. Sharing this so it is confirmed how things work now. Thank you!

from server.

May be worth a mention that when using the matrix.org server, HTTPS encrypted requests are visible in cleartext at Cloudflare. E.g. message text, room ID, sender username, password; besides the sender IP and user-agent of course.

from server.

There still seems to be no change to the current situation, the official go client does not support e2ee and pantalaimon is not yet very polished.

For me there are 2 options here:

1. Switch to mautrix-go which supports e2ee
2. Make sure PushBits runs with pantalaimon and add instruction to the documentation

If we can commit on one of this approaches I might investigate further into this topic in the next weeks.

from server.

I thought about switching to mautrix-go for a while because the official library only supports an old version of the protocol. The whole pantalaimon seems kind of error-prone/complicated. What do you think?

from server.

I already used mautrix-go in other projects, the documentation is not the best and it would be a lot of work to change to it. Pantalaimon is totally new for me, never worked with it.

The official go library does not provide a future proof path so we should find an alternative solution. Pantalaimon in my eyes seems to go the same route as the matrix go library with no really reliable future plan.

So switching to mautrix will open new possibilities for us which would be great but it comes at the cost of reworking a lot of code.

from server.

I agree that neither solution is perfect, which is part of the reason this issue is still open. But provided that the official library does not seem future-proof to us we may want to consider switching to mautrix-go. I imagine since they support the same API (but different version), the calls will be sort of similar?

from server.

Yeah they will share some of the structure. So I will open a new branch and play a bit with it.

from server.