Press "Enter" to skip to content

Use ProtonMail Bridge on headless Linux machines

Update (Jun. 10, 2020): I added a brief post about how to use pass with ProtonMail Bridge for headless servers in a new post here.

Update (Jan. 8, 2020): I recently found the GUI-based gnome-keyring can be replaced with a CLI-based password manager — pass. I now use pass instead of gnome-keyring. I haven’t had time to update this post, so you’ll have to do the research if you want to discard gnome-keyring. A good place to start is the Arch Wiki page of pass.

Update (Aug. 7, 2019): The version of Bridge used in the original post was 1.0.6. I recently upgraded Bridge to 1.1.6 and found the name of Bridge’s executable is not Desktop-Bridge anymore. Now it’s called protonmail-bridge.

ProtonMai Bridge is the utility for ProtonMail users to access IMAP/SMTP servers from local machines. With ProtonMail Bridge, users can use whatever offline email client (Outlook, Thunderbird, etc.) they like.

The reason ProtonMail users require this extra utility is that, for outbound emails, ProtonMail encrypts users’ email content before handing over the email to the sending server. And for inbound emails, ProtonMail decrypts the email contents for users after downloading the emails, and so when users open the incoming emails, the contents are readable. While using ProtonMail’s online interface, everything is done behind the scene. Users just write/read emails as they do on Gmail, etc. But if users want to use offline email clients on their local machines, then those clients lack the functionality of encrypting/decrypting the emails before/after doing communications with ProtonMail’s servers (see note 1). That’s why ProtonMail provides a utility called Bridge.

In a nutshell, ProtonMail Bridge creates fake IMAP/SMTP servers on the local machine. And users use these fake local servers for the IMAP/SMTP settings in their offline email clients. When offline clients try to do communications with email servers, they are in fact communicating with the fake local servers. And next, the local servers do the encryption/decryption tasks and then talk to the real ProtonMail servers.

For more details, please read the introductions at ProtonMai Bridge. This post does not intend to deal with the usage of Bridge. Instead, this post tries to deal with an issue that occurs when using Bridge in headless (i.e., not connected to any physical monitors) Linux environments.

Note 1: In fact, many offline email clients can handle PGP-encrypted emails. But when using ProtonMail, in my guess, ProtonMail servers do not allow client-side encryption and decryption. So they provide Bridge. But it’s just my guess. I’m also new to ProtonMail.

Problem description

A dependency of Bridge is gnome-keyring (note: see the update above). My guess is that Bridge relies on gnome-keyring to store data and information on PGP keys. But the problem is that gnome-keyring is not designed for headless environments. So when you try to launch non-graphical Bridge with $ Desktop-Bridge --cli (note: see the update above), you may encounter problems when you log in with your ProtonMail account in Bridge.

Solution

gnome-keyring relies on a graphical pop-up dialog to ask users for passwords. So what we have to do is proactively providing our password when we start the keyring service in the background, instead of passively waiting for it to ask.

Use the following command to achieve this:

$ echo -n [password] | gnome-keyring-daemon --login

[password] is your password to log in to the Linux machine. Even if you use password-less login (e.g., using SSH keys), you should have a password for your username. Note, [password] should be a string. That is, your password should be inside a pair of quotation marks.

Reference

  1. use of gnome-keyring-daemon without X

15 Comments

  1. kali prasad kali prasad

    this method doesn’t work with the latest version of protonmail bridge.

    • Actually, I just realized that we cannot download ProtonMail Bridge for Linux from the official website anymore. I’m now still using a very old version of Bridge for Linux, which I downloaded a long long time ago.

      Now we have to email them to get the linux version. The reason they give is that the linux version is still in beta stage, so it’s not available to public.

      • mrl mrl

        You can just change the URL to version “1.1.5-1” instead of “1.1.?-1”.

    • I just upgraded Bridge to 1.1.6, and it still works.

    • Hi, my WordPress server is using Debian, so I’m not sure how different it is from Ubuntu. Basically, after downloading the *.deb file, I just did apt install. Something like the following:

      $ wget https://protonmail.com/download/protonmail-bridge_1.2.7-1_amd64.deb
      $ sudo apt install ./protonmail-bridge_1.2.7-1_amd64.deb

      I’m not sure if Ubuntu already has protonmail-bridge in its package repository. If yes, then if you only do $ sudo apt install protonmail-bridge, it will install the protonmail-bridge from Ubuntu’s official package repository, instead of the file you downloaded from ProtonMail’s website.

      • Anonymous Anonymous

        Thanks but I get the same error :

        Last login: Tue Jun 9 00:08:59 2020 from 88.126.119.154
        ubuntu@www-example-com ~ $ sudo apt install ./protonmail-bridge_1.2.7-1_amd64.deb
        Reading package lists… Done
        Building dependency tree
        Reading state information… Done
        You might want to run ‘apt –fix-broken install’ to correct these.
        The following packages have unmet dependencies:
        protonmail-bridge : Depends: qt5-default but it is not installed
        Depends: libqt5designer5 but it is not installed
        Depends: libqt5multimediawidgets5 but it is not installed
        Depends: libqt5quickwidgets5 but it is not installed
        Depends: libpulse-mainloop-glib0 but it is not installed
        Depends: libsecret-1-0 but it is not installed
        Depends: ttf-dejavu but it is not installed
        E: Unmet dependencies. Try ‘apt –fix-broken install’ with no packages (or specify a solution).
        ubuntu@www-s1biose-com ~ $ sudo apt install protonmail-bridge_1.2.7-1_amd64.deb
        Reading package lists… Done
        Building dependency tree
        Reading state information… Done
        E: Unable to locate package protonmail-bridge_1.2.7-1_amd64.deb
        E: Couldn’t find any package by glob ‘protonmail-bridge_1.2.7-1_amd64.deb’
        E: Couldn’t find any package by regex ‘protonmail-bridge_1.2.7-1_amd64.deb’

        • Yes, I think you need to install those dependencies. I checked the installed protonmail-bridge on my server, and the information shows those are indeed dependencies:

          “`
          <…ignored…>
          Depends: qt5-default, libqt5designer5, libqt5multimediawidgets5, libqt5quickwidgets5, libpulse-mainloop-glib0, libsecret-1-0, ttf-dejavu
          Suggests: pass, gnome-keyring
          <…ignored…>
          “`

          I’m not familiar with Ubuntu. So I’m not sure why your “apt install” did not install those dependencies for you automatically. But yes, you have to install them if apt does not automatically install that for you.

          • Anonymous Anonymous

            The problem is that it will install 490 MB is really a lot. I don’t want to install a desktop on my server :

            ubuntu@www-example-com ~ $ sudo apt –fix-broken install

            Reading package lists… Done
            Building dependency tree
            Reading state information… Done
            Correcting dependencies… Done
            The following additional packages will be installed:
            adwaita-icon-theme at-spi2-core dconf-gsettings-backend dconf-service fontconfig fonts-dejavu fonts-dejavu-extra glib-networking
            glib-networking-common glib-networking-services gsettings-desktop-schemas gtk-update-icon-cache hicolor-icon-theme humanity-icon-theme
            libasyncns0 libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libavahi-client3 libavahi-common-data libavahi-common3
            libcairo-gobject2 libcairo2 libcolord2 libcroco3 libcups2 libdatrie1 libdconf1 libdouble-conversion1 libdrm-amdgpu1 libdrm-dev
            libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libegl-mesa0 libegl1 libegl1-mesa-dev libepoxy0 libevdev2 libflac8 libgbm1
            libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgl1 libgl1-mesa-dev libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa
            libgles1 libgles2 libgles2-mesa-dev libglu1-mesa libglu1-mesa-dev libglvnd-core-dev libglvnd-dev libglvnd0 libglx-mesa0 libglx0
            libgraphite2-3 libgtk-3-0 libgtk-3-bin libgtk-3-common libgudev-1.0-0 libharfbuzz0b libinput-bin libinput10 libjson-glib-1.0-0
            libjson-glib-1.0-common liblcms2-2 libllvm9 libmtdev1 libogg0 libopengl0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0
            libpciaccess0 libpixman-1-0 libproxy1v5 libpthread-stubs0-dev libpulse-mainloop-glib0 libpulse0 libqt5concurrent5 libqt5core5a
            libqt5dbus5 libqt5designer5 libqt5gui5 libqt5multimedia5 libqt5multimediawidgets5 libqt5network5 libqt5opengl5 libqt5opengl5-dev
            libqt5printsupport5 libqt5qml5 libqt5quick5 libqt5quickwidgets5 libqt5sql5 libqt5sql5-sqlite libqt5svg5 libqt5test5 libqt5widgets5
            libqt5xml5 librest-0.7-0 librsvg2-2 librsvg2-common libsecret-1-0 libsecret-common libsensors4 libsndfile1 libsoup-gnome2.4-1
            libsoup2.4-1 libthai-data libthai0 libvorbis0a libvorbisenc2 libwacom-bin libwacom-common libwacom2 libwayland-bin libwayland-client0
            libwayland-cursor0 libwayland-dev libwayland-egl1 libwayland-server0 libx11-dev libx11-doc libx11-xcb-dev libx11-xcb1 libxau-dev
            libxcb-dri2-0 libxcb-dri2-0-dev libxcb-dri3-0 libxcb-dri3-dev libxcb-glx0 libxcb-glx0-dev libxcb-icccm4 libxcb-image0 libxcb-keysyms1
            libxcb-present-dev libxcb-present0 libxcb-randr0 libxcb-randr0-dev libxcb-render-util0 libxcb-render0 libxcb-render0-dev libxcb-shape0
            libxcb-shape0-dev libxcb-shm0 libxcb-sync-dev libxcb-sync1 libxcb-util1 libxcb-xfixes0 libxcb-xfixes0-dev libxcb-xinerama0 libxcb-xkb1
            libxcb1-dev libxcomposite1 libxcursor1 libxdamage-dev libxdamage1 libxdmcp-dev libxext-dev libxfixes-dev libxfixes3 libxi6 libxinerama1
            libxkbcommon-x11-0 libxkbcommon0 libxrandr2 libxrender1 libxshmfence-dev libxshmfence1 libxtst6 libxxf86vm-dev libxxf86vm1
            mesa-common-dev qt5-default qt5-gtk-platformtheme qt5-qmake qt5-qmake-bin qtbase5-dev qtbase5-dev-tools qtchooser qttranslations5-l10n
            ttf-dejavu ttf-dejavu-core ttf-dejavu-extra ubuntu-mono x11proto-core-dev x11proto-damage-dev x11proto-dev x11proto-fixes-dev
            x11proto-xext-dev x11proto-xf86vidmode-dev xorg-sgml-doctools xtrans-dev
            Suggested packages:
            colord cups-common gvfs liblcms2-utils pulseaudio qt5-image-formats-plugins qtwayland5 qt5-qmltooling-plugins librsvg2-bin lm-sensors
            libwayland-doc libxcb-doc libxext-doc default-libmysqlclient-dev firebird-dev libpq-dev libsqlite3-dev unixodbc-dev
            The following NEW packages will be installed:
            adwaita-icon-theme at-spi2-core dconf-gsettings-backend dconf-service fontconfig fonts-dejavu fonts-dejavu-extra glib-networking
            glib-networking-common glib-networking-services gsettings-desktop-schemas gtk-update-icon-cache hicolor-icon-theme humanity-icon-theme
            libasyncns0 libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libavahi-client3 libavahi-common-data libavahi-common3
            libcairo-gobject2 libcairo2 libcolord2 libcroco3 libcups2 libdatrie1 libdconf1 libdouble-conversion1 libdrm-amdgpu1 libdrm-dev
            libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libegl-mesa0 libegl1 libegl1-mesa-dev libepoxy0 libevdev2 libflac8 libgbm1
            libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgl1 libgl1-mesa-dev libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa
            libgles1 libgles2 libgles2-mesa-dev libglu1-mesa libglu1-mesa-dev libglvnd-core-dev libglvnd-dev libglvnd0 libglx-mesa0 libglx0
            libgraphite2-3 libgtk-3-0 libgtk-3-bin libgtk-3-common libgudev-1.0-0 libharfbuzz0b libinput-bin libinput10 libjson-glib-1.0-0
            libjson-glib-1.0-common liblcms2-2 libllvm9 libmtdev1 libogg0 libopengl0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0
            libpciaccess0 libpixman-1-0 libproxy1v5 libpthread-stubs0-dev libpulse-mainloop-glib0 libpulse0 libqt5concurrent5 libqt5core5a
            libqt5dbus5 libqt5designer5 libqt5gui5 libqt5multimedia5 libqt5multimediawidgets5 libqt5network5 libqt5opengl5 libqt5opengl5-dev
            libqt5printsupport5 libqt5qml5 libqt5quick5 libqt5quickwidgets5 libqt5sql5 libqt5sql5-sqlite libqt5svg5 libqt5test5 libqt5widgets5
            libqt5xml5 librest-0.7-0 librsvg2-2 librsvg2-common libsecret-1-0 libsecret-common libsensors4 libsndfile1 libsoup-gnome2.4-1
            libsoup2.4-1 libthai-data libthai0 libvorbis0a libvorbisenc2 libwacom-bin libwacom-common libwacom2 libwayland-bin libwayland-client0
            libwayland-cursor0 libwayland-dev libwayland-egl1 libwayland-server0 libx11-dev libx11-doc libx11-xcb-dev libx11-xcb1 libxau-dev
            libxcb-dri2-0 libxcb-dri2-0-dev libxcb-dri3-0 libxcb-dri3-dev libxcb-glx0 libxcb-glx0-dev libxcb-icccm4 libxcb-image0 libxcb-keysyms1
            libxcb-present-dev libxcb-present0 libxcb-randr0 libxcb-randr0-dev libxcb-render-util0 libxcb-render0 libxcb-render0-dev libxcb-shape0
            libxcb-shape0-dev libxcb-shm0 libxcb-sync-dev libxcb-sync1 libxcb-util1 libxcb-xfixes0 libxcb-xfixes0-dev libxcb-xinerama0 libxcb-xkb1
            libxcb1-dev libxcomposite1 libxcursor1 libxdamage-dev libxdamage1 libxdmcp-dev libxext-dev libxfixes-dev libxfixes3 libxi6 libxinerama1
            libxkbcommon-x11-0 libxkbcommon0 libxrandr2 libxrender1 libxshmfence-dev libxshmfence1 libxtst6 libxxf86vm-dev libxxf86vm1
            mesa-common-dev qt5-default qt5-gtk-platformtheme qt5-qmake qt5-qmake-bin qtbase5-dev qtbase5-dev-tools qtchooser qttranslations5-l10n
            ttf-dejavu ttf-dejavu-core ttf-dejavu-extra ubuntu-mono x11proto-core-dev x11proto-damage-dev x11proto-dev x11proto-fixes-dev
            x11proto-xext-dev x11proto-xf86vidmode-dev xorg-sgml-doctools xtrans-dev
            0 upgraded, 198 newly installed, 0 to remove and 0 not upgraded.
            1 not fully installed or removed.
            Need to get 62.3 MB of archives.
            After this operation, 490 MB of additional disk space will be used.
            Do you want to continue? [Y/n]

        • Maybe try “sudo apt install –no-install-recommends “? I guess your system was trying to install all optional dependencies. I’m not familiar with it, but I guess “–no-install-recommends” should reduce the size.

          But it’s also true protonmail-bridge requires many dependencies that are related graphical interface. I think protonmail-bridge has both command-line and GUI included in a single package.

          • Anonymous Anonymous

            Thanks but it doesn’t work. Finally I installed all the suggested packages.
            I also installed “pass”, but your tutorial does not explain how to use “pass”. You only put the command line for gnome-keyring-daemon

        • yeah, I’m kind of reluctant to write about the option of “pass”. Users have to set up a GPG key without a passphrase in order to use protonmail-bridge & pass together on a headless server. So it is a little bit too much to cover if I have to explain to readers what a GPG key is.

          I’ll see what I can add to this blog post regarding “pass”. Maybe I’ll just write the command-lines without explanation. See the newer post here.

          • Anonymous Anonymous

            Thank you, yes it would be nice with the command lines. Can you explain to me how to restart protonmail-bridge ?

            ubuntu@www-example-com ~ $ sudo protonmail-bridge –cli
            INFO[0000] Run app appLong=”Protonmail Bridge” appShort=bridge args=”[protonmail-bridge –cli]” build=”2020-05-19T00:33:31+0200″ pkg=main revision=50ed40f205 runtime=linux version=1.2.7
            ProtonMail Bridge is not able to detect a supported password manager
            (pass, gnome-keyring). Please install and set up a supported password manager
            and restart the application.
            Frontend error

            Here is how I installed “pass” :

            $ sudo apt install pass
            $ sudo pass init contact@example.com
            $ sudo pass insert protonmail-bridge/mathieulebert
            I entered the protonmail password

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.