mlopezr
commented
7 years ago Indeed, end to end encryption is not yet supported because I didn't have time to implement it. Pull requests are welcome.
Open travisghansen opened 7 years ago
mlopezr
commented
7 years ago Indeed, end to end encryption is not yet supported because I didn't have time to implement it. Pull requests are welcome.
yousefamar
commented
3 years ago Just want to give you a heads up on this, since I tried implementing it myself a while ago, without success. It's really not easy. There are fundamentally two ways to implement a Matrix bot that I can see:
The problem with the first approach is that the bot does not have the keys necessary to decrypt messages from E2EE rooms. The bot also needs the deviceID additionally. In theory, the keys can be gotten from the homeserver's backups (through a passphrase or mnemonic) or from a local backup file. In practice, this is damn near impossible, because this functionality is too strongly coupled with matrix-react-sdk not matrix-js-sdk and relies on all sorts of UI interaction in a browser (not node.js) in addition to all sorts of hacks needed for WebCrypto support in node. The approach of allowing the user to paste the keys from the backup file into the node's config is also a dead end, since the code to parse that format is yet again an element-web/matrix-react-sdk thing and tightly coupled.
The problem with the second approach is that sessions are not meant to be ephemeral; logging out should be rare, so a bot that logs in and out repeatedly (e.g. in start and close in Node-RED) will cause problems. The main problem is that — again quite frankly due to the state of matrix-js-sdk — cross-signing with existing sessions is damn near impossible with a bot like this. This makes it so that the Node-RED session will un-verify you, and you'll get a red shield on your user in all your rooms. Because of other open issues (1, 2, 3), this can have some frustrating side effects.
Short of matrix-js-sdk improving (or better yet, matrix-bot-sdk), one option may be to create a persistent session, cross-sign it manually somehow (with emoji / QR code) and store the keys locally such that the same session can be reused when Node-RED restarts (without logging out) but this very hard and super fragile.
Eventually I just gave up on this, and decided to stick with unencrypted chat for my use case.
skylord123
commented
3 years ago I created my own Matrix module for Node-RED and just launched verison 0.1.5 which has support for e2ee: https://flows.nodered.org/node/node-red-contrib-matrix-chat
@yousefamar I didn't run into any of the same problems as you. matrix-js-sdk actually handles encryption pretty well out of the box, it just isn't very well documented. The issue I had was decrypting files but even then I found https://github.com/matrix-org/browser-encrypt-attachment/blob/master/index.js which pointed me in the right direction.
I believe all that is left to do is to encrypt files/images before sending them out. If all you care about is sending/receiving messages and receiving encrypted files this is ready.
yousefamar
commented
2 years ago Hey @skylord123, it's been over a year, but I only just had a chance to revisit this. I tried your module -- thanks a lot for creating that, much more feature-rich!
I think you've cracked the persistent sessions part (?) but judging by this note in the readme, you might have run into the same problem that I described about my second point above:
Currently, this module has no way of getting encryption keys from other devices on the same account.
My use case is something like an auto-responder, so a lot of my problems stem from needing to send messages from my own account. With your module, unfortunately the same problem that I described persists: any message sent by the Node-RED session will show up with a big red shield as unverified.
I saw that you've already solved verification for accounts created by the module, which led me to find out that you've already been working on this on a branch (https://github.com/Skylar-Tech/node-red-contrib-matrix-chat/tree/e2ee-key-sharing) so watching your repo in case you crack it and hoping you do!
At any rate, your module works great for me without E2EE enabled, which covers my biggest use case anyway (auto-response on bridges where E2EE is irrelevant, rather than matrix rooms).
I'm not super familiar with
matrixyet, just getting started. From what I can tell it not possible to encrypt a chat with the current setup (nodered doesn't have keys etc). Would it be possible to add that support?