#protonmail #debian #linux
Currently, ProtonMail Bridge for Linux is distributed as part of an open beta program, but it will soon be made public (https://protonmail.com/bridge/install).
Note that the Bridge Linux client requires a paid ProtonMail account to work.
Download the latest package into your computer.
wget https://protonmail.com/download/bridge/protonmail-bridge_2.1.3-1_amd64.deb
The link above is working at the time of writing this article, but as the bridge team pointed out, they will expire all the previous links once they release a new version to encourage the installation of the latest version.
To get the latest version, try increasing the version numbers in the link provided, or write an email to [email protected] (https://protonmail.com/support/knowledge-base/bridge-for-linux/).
We will need root access for the setup
su root
Import the protonmail bridge public key
nano bridge_pubkey.gpg
(copy the content of the file and save), or the public key bridge_pubkey.gpg can be found at: https://protonmail.com/download/bridge_pubkey.gpg
rpm --import bridge_pubkey.gpg
Download the protonmail-bridge package
cd /tmp
wget https://protonmail.com/download/bridge/protonmail-bridge_2.1.3-1_amd64.deb
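Check that the package is correctly signed (rpm --checksig only understands .rpm files; on Debian the signature of a .deb is verified with debsig-verify instead)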
rpm --checksig protonmail-bridge_2.1.3-1_amd64.deb
Install dependencies for protonmail-bridge
apt install qt5-default libqt5designer5 libqt5multimediawidgets5 libqt5quickwidgets5 libpulse-mainloop-glib0 libsecret-1-0 ttf-dejavu net-tools libsecret-common libsecret-tools
Install the protonmail bridge client
dpkg -i protonmail-bridge_2.1.3-1_amd64.deb
Install the "pass" password manager that protonmail bridge will use to store the passwords
apt install pass
Install the "screen" utility to daemonize the protonmail bridge client
apt install screen
We will create a new user, mainly to keep the stored passwords isolated from other users.
Note that the new account is locked (usermod -L) so that nobody can log in to it with a password; root can still switch to it with su.
useradd protonmail
usermod -L protonmail
Create a protonmail directory in /home
cd /home
mkdir protonmail
Change folder owner
chown -R protonmail:protonmail /home/protonmail
Login as the new isolated user
su protonmail
cd ~
Run a script session to prevent the PGP key passphrase prompt from failing (https://bugzilla.redhat.com/show_bug.cgi?id=659512).
This is required if we are not using a graphical interface due to the way our isolated user runs the shell commands
script /dev/null
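Generate a PGP key pair for the new user with an empty passphrase.
The empty passphrase is required to run the protonmail bridge in the background on system startup; otherwise it would prompt for the passphrase and the process would fail.
Because the key has no passphrase, the stored credentials are protected only by the file permissions of the protonmail account, which is why that account is isolated and locked.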
gpg --full-generate-key
>>>> Choose 1 (1) RSA and RSA (default)
>>>> Choose 2048 (default)
>>>> Choose 0 0 = key does not expire
>>>> Type your name e.g. Proty McProtonFace
>>>> Type your email e.g. [email protected]
>>>> Leave empty comment
>>>> Leave empty passphrase
List the keys to ensure they were created correctly
gpg --list-keys
Init the password manager for the chosen email address in the PGP keys step
pass init [email protected]
At this point the password manager that the protonmail bridge will use to store the passwords is set up, so we will now set up your protonmail account.
protonmail-bridge --cli
>>>> add (add your protonmail account to bridge)
>>>> (enter your protonmail account email address)
>>>> (enter your protonmail account password)
>>>> list (list configured accounts)
>>>> info (list SMTP credentials for configuring any local SMTP compatible service)
>>>> help (get familiarized with the bridge options)
>>>> exit (exit the bridge console which stops the local SMTP server created)
Exit the scripted mode of the isolated user if you previously ran "script /dev/null"
exit
In order to start the bridge client automatically on system startup, we will create a script to run it in the background.
Note that we will use the "screen" utility, since there is currently no way to run the protonmail linux client in the background without a graphical interface.
For this we will need root access again.
exit
Create a basic script that will be able to launch the protonmail bridge client in the background and kill it.
mkdir /var/lib/protonmail
nano /var/lib/protonmail/protonmail.sh
(copy the content of the file and save)
chmod +x /var/lib/protonmail/protonmail.sh
Create a systemd service
nano /etc/systemd/system/protonmail.service
(copy the content of the file and save)
Enable the script so that it can run on system startup
systemctl enable protonmail
Test the protonmail service
systemctl start protonmail
netstat -tulpn | grep 1025
Reboot your system and check if protonmail bridge is bound to the default ports
reboot
netstat -tulpn | grep 1025
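Added example (not part of the original page or of ProtonMail's tooling): a filter for the netstat check above that reports whether port 1025 is held by the bridge on loopback only, by some other program, or on a non-loopback address. The function name, the constructed sample lines, and the assumption that the bridge's program name contains "proton" are illustrative.

```shell
#!/bin/sh
# Classify who is listening on the bridge port, from `netstat -tulpn`
# output read on stdin. Run netstat as root so the PID/Program column
# is filled in for processes owned by other users.
# Prints one of: ok | down | conflict | unknown-owner | exposed
bridge_port_status() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # port is the last ":" field
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            listeners++
            if ($7 == "-")            unknown = 1  # owner hidden (not root)
            else if ($7 !~ /proton/)  foreign = 1  # another program owns it
            if (addr != "127.0.0.1" && addr != "::1") exposed = 1
        }
        END {
            if (!listeners)    print "down"
            else if (foreign)  print "conflict"
            else if (unknown)  print "unknown-owner"
            else if (exposed)  print "exposed"
            else               print "ok"
        }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OK='tcp   0  0 127.0.0.1:1025  0.0.0.0:*  LISTEN  812/proton-bridge
tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  501/sshd
udp   0  0 0.0.0.0:68      0.0.0.0:*          640/dhclient'
SAMPLE_CONFLICT='tcp   0  0 127.0.0.1:1025  0.0.0.0:*  LISTEN  733/exim4'
SAMPLE_EXPOSED='tcp6  0  0 :::1025         :::*       LISTEN  812/proton-bridge'
SAMPLE_DOWN='tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  501/sshd'

for name in OK CONFLICT EXPOSED DOWN; do
    eval "data=\$SAMPLE_$name"
    printf '%-9s %s\n' "$name" "$(printf '%s\n' "$data" | bridge_port_status 1025)"
done
# Live check on the host: netstat -tulpn | bridge_port_status 1025
```

A result of "exposed" means the SMTP port is reachable from other machines, and "conflict" means another local service already holds the port.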
All the instructions above should work in Fedora. You can replace "yum" commands with "dnf"
Now that you have the protonmail bridge running in the background you can configure SMTP emails on local instances of Jenkins, Jira, Bitbucket, Thunderbird or any service of your choice.
Remember that required credentials and configuration details can be found by executing:
protonmail-bridge --cli
>>>> info
>>>> exit
Note: When sending an email via PHPMailer, the following message is displayed:
Connection failed. Error #2: stream_socket_client(): unable to connect to 127.0.0.1:1026 (Connection refused)
SMTP ERROR: Failed to connect to server: Connection refused (111)
OR
SMTP INBOUND: "454 4.7.0 account is logged out, use the app to login again"
SERVER -> CLIENT: 454 4.7.0 account is logged out, use the app to login again
SMTP ERROR: Password command failed: 454 4.7.0 account is logged out, use the app to login again
SMTP Error: Could not authenticate.
Solution 1 :
More than one process listens on the same port. Changing the port in Protonmail-bridge may correct the problem.
To solve it I had to: log in as the new isolated user
su protonmail
cd ~
This is required if we are not using a graphical interface due to the way our isolated user runs the shell commands
script /dev/null
Change port setting
change port
Solution 2 :
Two user processes (root and protonmail) are executed at the same time.
- Stopping the "proton-bridge" process using the killall command
killall -9 proton-bridge
- Full uninstall protonmail-bridge
apt purge protonmail-bridge
- remove all protonmail folders and configuration files in the 'root' profile
- remove the protonmail folder in the "home" folder
rm -rf /home/protonmail
- reboot
- Repeat the protonmail-bridge installation procedure
Note: When running Bridge on the command line, the following message is printed:
WARN[0000] Failed to add test credentials to keychain error="exit status 1: gpg: Passwords: skipped: No public key\ngpg: [stdin]: encryption failed: No public key\nPassword encryption aborted.\n" helper="*pass.Pass"
There was a bug with your keyring and pass.
Solution:
To solve it I had to:
- uninstall gnupg and pass
apt remove gnupg pass
- delete the .gnupg and .password-store folders
rm -rf /home/protonmail/.gnupg
rm -rf /home/protonmail/.password-store
- reinstall gnupg and pass
apt install gnupg pass
- login as the new isolated user
su protonmail
cd ~
- run a script session to prevent the PGP key passphrase prompt from failing
script /dev/null
- run gpg to create the database and its folder
gpg --list-keys
- create a new key
gpg --full-generate-key
>>>> Choose 1 (1) RSA and RSA (default)
>>>> Choose 2048 (default)
>>>> Choose 0 0 = key does not expire
>>>> Type your name e.g. Proty McProtonFace
>>>> Type your email e.g. [email protected]
>>>> Leave empty comment
>>>> Leave empty passphrase
- Init the password manager for the chosen email address in the PGP keys step
pass init [email protected]
- List the keys to ensure they were created correctly
gpg --list-keys
- Setup the protonmail bridge client, follow the procedure I described here
Does not work for me on newer versions (v.3.x.x, has worked on v1.x.x), throws
However, it works in its own TTY. But then I have to type the email password and then bridge password manually (luckily, only once per machine).
Does anyone have the same problem?