hookshot/docs/advanced/encryption.md
Add support for native e2ee (#299) * Add support for native e2ee * Various temps to coax it into working * Formatting nitpicks * Include stable registration config key for msc2409 * Update default config with encryption options * Manage admin rooms with bot-sdk DMs This also enables encryption for new admin rooms when appropriate. * Update config comments for encryption settings - Add comment to clarify Redis (the `queue` section) must be configured in order for encryption to work - Mention that the `encryption` section is optional, and omitting it will disable encryption support * Update docs for encryption support * Add changelog * Add to docs some notes about encryption state * Move all post-join logic to onRoomJoin * Block post-join actions on crypto setup Requires https://github.com/turt2live/matrix-bot-sdk/pull/269 * Fix linter error * Update encryption docs and changelog - Mention that worker mode isn't supported with encryption yet - Mention removal of Pantalaimon-based encryption * Update worker docs with encryption config notice * Share main appservice config with feed bots This is required to safely enable encryption for the bots that post GenericHook messages. * Make slight clarification for queue config * Minor fixes * Block post-join actions on feed bot crypto setup Same as a9e6e11d but for the sub-bots that post GenericHook messages. * Get joined rooms from intent instead of bot This refreshes the list of known rooms for crypto events. * Use Element fork of bot-sdk for crypto fixes Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
2022-12-09 15:25:36 +00:00
Encryption
==========
<section class="notice">
Support for encryption is considered stable, but the underlying specification changes are not yet stable.
Hookshot supports end-to-bridge encryption via [MSC3202](https://github.com/matrix-org/matrix-spec-proposals/pull/3202) and [MSC4203](https://github.com/matrix-org/matrix-spec-proposals/pull/4203). Hookshot needs to be configured against a homeserver that supports these features, such as [Synapse](#running-with-synapse).
Please check with your homeserver implementation before reporting bugs against matrix-hookshot.
</section>
## Enabling encryption in Hookshot
In order for Hookshot to use encryption, it must be configured as follows:
- The `encryption.storagePath` setting must point to a directory that Hookshot has permission to write files into. If running with Docker, this path should be within a volume (for persistence). Hookshot uses this directory for its crypto store (i.e. long-lived state relating to its encryption keys).
- Once a crypto store has been initialized, its files must not be modified, and Hookshot cannot be configured to use another crypto store of the same type as one it has used before. If a crypto store's files get lost or corrupted, Hookshot may fail to start up, or may be unable to decrypt command messages. To fix such issues, stop Hookshot, then reset its crypto store by running `yarn start:resetcrypto`.
- [Redis](./workers.md) must be enabled. Note that worker mode is not yet supported with encryption, so `queue` MUST **NOT be configured**.
If you ever reset your homeserver's state, ensure you also reset Hookshot's encryption state. This includes clearing the `storagePath` directory and all worker state stored in your Redis instance. Otherwise, Hookshot may fail on startup with registration errors.
Also ensure that Hookshot's appservice registration file contains every line from `registration.sample.yml` that appears after the `If enabling encryption` comment. Note that changing the registration file may require restarting the homeserver that Hookshot is connected to.
## Running with Synapse
[Synapse](https://github.com/matrix-org/synapse/) has functional support for MSC3202 and MSC4203 as of [v1.63.0](https://github.com/matrix-org/synapse/releases/tag/v1.63.0). To enable it, add the following section to Synapse's configuration file (typically named `homeserver.yaml`):

```yaml
experimental_features:
  msc3202_device_masquerading: true
  msc3202_transaction_extensions: true
  msc2409_to_device_messages_enabled: true
```

You may notice that MSC2409 is not listed above. The relevant changes were split out of MSC2409 into MSC4203, so `msc2409_to_device_messages_enabled` is the Synapse setting that enables MSC4203.
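The prerequisites spread across this page (a writable `encryption.storagePath`, Redis enabled, no `queue` section, the encryption lines in the appservice registration, and the three Synapse flags) are easy to get half-right, and a half-right deployment only fails later with a start-up or decryption error. The preflight script below is an added example, not code from matrix-hookshot or Synapse. It checks all of them against already-parsed YAML, so load your files with `yaml.safe_load` first; the script itself needs only the standard library. Two things in it are assumptions rather than statements from this page: the Redis key name `cache.redisUri` (the non-worker Redis setting as I read `config.sample.yml`) and the three registration keys listed in `REGISTRATION_KEYS` (as I read `registration.sample.yml`); verify both against the sample files shipped with your Hookshot version.

```python
"""Preflight checks for running Hookshot with encryption.

Added example, not matrix-hookshot code. The checks take already-parsed YAML
(dicts), e.g. yaml.safe_load(open("config.yml")), so nothing beyond the
standard library is needed here.
"""
from __future__ import annotations

import os
import tempfile

# Synapse flags exactly as listed on this page. The third is named after
# MSC2409 but is the switch for MSC4203.
SYNAPSE_FLAGS = (
    "msc3202_device_masquerading",
    "msc3202_transaction_extensions",
    "msc2409_to_device_messages_enabled",
)

# ASSUMPTION: the keys that follow the "If enabling encryption" comment in
# registration.sample.yml, as read from the sample file; check your copy.
REGISTRATION_KEYS = (
    "de.sorunome.msc2409.push_ephemeral",
    "push_ephemeral",
    "org.matrix.msc3202",
)


def check_hookshot_config(config: dict) -> list[str]:
    """Return the problems found in Hookshot's own config (empty list = OK)."""
    problems: list[str] = []

    path = (config.get("encryption") or {}).get("storagePath")
    if not path:
        problems.append("encryption.storagePath is not set")
    elif not (os.path.isdir(path) and os.access(path, os.W_OK)):
        problems.append(f"encryption.storagePath {path!r} is not a writable directory")

    # Redis must be enabled. ASSUMPTION: the non-worker Redis setting is cache.redisUri.
    if not (config.get("cache") or {}).get("redisUri"):
        problems.append("cache.redisUri is not set; Redis is required for encryption")

    # Worker mode is not supported with encryption, so queue must be absent.
    if config.get("queue"):
        problems.append("queue is configured; worker mode does not work with encryption")
    return problems


def check_registration(registration: dict, required=REGISTRATION_KEYS) -> list[str]:
    """Each required registration key must be present and exactly true."""
    return [f"registration lacks '{k}: true'" for k in required if registration.get(k) is not True]


def check_synapse_config(homeserver: dict) -> list[str]:
    """Every MSC flag must be true under experimental_features."""
    feats = homeserver.get("experimental_features") or {}
    return [f"experimental_features.{f} is not true" for f in SYNAPSE_FLAGS if feats.get(f) is not True]


def demo() -> dict[str, list[str]]:
    """Run the checks on constructed inputs: one correct deployment and one with
    the usual mistakes (queue set, storagePath missing, flags left out)."""
    storage = tempfile.mkdtemp(prefix="hookshot-crypto-")  # stands in for the volume
    good_cfg = {
        "encryption": {"storagePath": storage},
        "cache": {"redisUri": "redis://localhost:6379"},  # constructed value
    }
    bad_cfg = {
        "cache": {"redisUri": "redis://localhost:6379"},
        "queue": {"redisUri": "redis://localhost:6379"},  # worker mode: not allowed
    }
    good_reg = {k: True for k in REGISTRATION_KEYS}
    good_hs = {"experimental_features": {f: True for f in SYNAPSE_FLAGS}}
    bad_hs = {"experimental_features": {"msc3202_device_masquerading": True}}
    return {
        "good": check_hookshot_config(good_cfg)
        + check_registration(good_reg)
        + check_synapse_config(good_hs),
        "bad_config": check_hookshot_config(bad_cfg),
        "bad_registration": check_registration({}),
        "bad_synapse": check_synapse_config(bad_hs),
    }


if __name__ == "__main__":
    for name, found in demo().items():
        print(name, "->", found or "OK")
```

Run it once before the first start with encryption enabled and again after any homeserver reset, since the page's advice to clear `storagePath` and the Redis state is exactly the situation where a stale or non-writable directory slips through.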