End-to-end data encryption

[heroinedor]

What about the end-to-end data encryption when 2 non-matrix IM are talking together ?

Is it possible to have encryption at the bridge level ? Or is it mandatory to use a separate tool ?

[ad2ien]

For instance, for the Slack bridge, only slack <-> bridge is encrypted. It’s possible to de-cypher room messages but each user should be using a tool like pantalaimon.

So E2EE doesn’t look possible with a bridge but it looks possible to use bridge to end encryption: https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html Next step : how does it work? it really needs further investigation and POC to understand how the bridge can be able to translate encrypted room messages.

References

• https://github.com/matrix-org/pantalaimon
• https://matrix-org.github.io/matrix-appservice-bridge/3.1.0/classes/encryptedeventbroker.html
• https://matrix-appservice-slack.readthedocs.io/en/stable/bridge-encryption/
• https://techcrunch.com/2022/12/30/inside-matrix-the-protocol-that-might-finally-make-messaging-apps-interoperable/?guccounter=1
• https://matrix.org/blog/2022/03/25/interoperability-without-sacrificing-privacy-matrix-and-the-dma/
• https://www.cs.ru.nl/bachelors-theses/2020/Floris_Hendriks___4749294___Analysis_of_key_management_in_Matrix.pdf

[ad2ien]

About mautrix slack bridge it only allow does only from slack -> MX, but:

• with bridge encryption enabled
• create an encrypted room
• invite slack bot
• send the message !slack help
• you receive the bot help message so we can assume the bridge is able to decrypt the help message

further investigation needed to see how it is done...

[ad2ien]

And some additional thoughts there : https://github.com/eimis-ans/eimis-synapse/issues/180#issuecomment-1778874116