Press "Enter" to skip to content

Use ProtonMail Bridge on headless Linux machines

Update (Jun. 10, 2020): I added a brief post about how to use pass with ProtonMail Bridge for headless servers in a new post here.

Update (Jan. 8, 2020): I recently found the GUI-based gnome-keyring can be replaced with a CLI-based password manager — pass. I now use pass instead of gnome-keyring. I haven’t had time to update this post, so you’ll have to do the research if you want to discard gnome-keyring. A good place to start is the Arch Wiki page of pass.

Update (Aug. 7, 2019): The version of Bridge used in the original post was 1.0.6. I recently upgraded Bridge to 1.1.6 and found the name of Bridge’s executable is not Desktop-Bridge anymore. Now it’s called protonmail-bridge.

ProtonMai Bridge is the utility for ProtonMail users to access IMAP/SMTP servers from local machines. With ProtonMail Bridge, users can use whatever offline email client (Outlook, Thunderbird, etc.) they like.

The reason ProtonMail users require this extra utility is that, for outbound emails, ProtonMail encrypts users’ email content before handing over the email to the sending server. And for inbound emails, ProtonMail decrypts the email contents for users after downloading the emails, and so when users open the incoming emails, the contents are readable. While using ProtonMail’s online interface, everything is done behind the scene. Users just write/read emails as they do on Gmail, etc. But if users want to use offline email clients on their local machines, then those clients lack the functionality of encrypting/decrypting the emails before/after doing communications with ProtonMail’s servers (see note 1). That’s why ProtonMail provides a utility called Bridge.

In a nutshell, ProtonMail Bridge creates fake IMAP/SMTP servers on the local machine. And users use these fake local servers for the IMAP/SMTP settings in their offline email clients. When offline clients try to do communications with email servers, they are in fact communicating with the fake local servers. And next, the local servers do the encryption/decryption tasks and then talk to the real ProtonMail servers.

For more details, please read the introductions at ProtonMai Bridge. This post does not intend to deal with the usage of Bridge. Instead, this post tries to deal with an issue that occurs when using Bridge in headless (i.e., not connected to any physical monitors) Linux environments.

Note 1: In fact, many offline email clients can handle PGP-encrypted emails. But when using ProtonMail, in my guess, ProtonMail servers do not allow client-side encryption and decryption. So they provide Bridge. But it’s just my guess. I’m also new to ProtonMail.

Problem description

A dependency of Bridge is gnome-keyring (note: see the update above). My guess is that Bridge relies on gnome-keyring to store data and information on PGP keys. But the problem is that gnome-keyring is not designed for headless environments. So when you try to launch non-graphical Bridge with $ Desktop-Bridge --cli (note: see the update above), you may encounter problems when you log in with your ProtonMail account in Bridge.

Solution

gnome-keyring relies on a graphical pop-up dialog to ask users for passwords. So what we have to do is proactively providing our password when we start the keyring service in the background, instead of passively waiting for it to ask.

Use the following command to achieve this:

$ echo -n [password] | gnome-keyring-daemon --login

[password] is your password to log in to the Linux machine. Even if you use password-less login (e.g., using SSH keys), you should have a password for your username. Note, [password] should be a string. That is, your password should be inside a pair of quotation marks.

Reference

  1. use of gnome-keyring-daemon without X

15 Comments

  1. kali prasad kali prasad
    this method doesn’t work with the latest version of protonmail bridge.
    • Actually, I just realized that we cannot download ProtonMail Bridge for Linux from the official website anymore. I’m now still using a very old version of Bridge for Linux, which I downloaded a long long time ago. Now we have to email them to get the linux version. The reason they give is that the linux version is still in beta stage, so it’s not available to public.
      Read more
      • mrl mrl
        You can just change the URL to version “1.1.5-1” instead of “1.1.?-1”.
    • I just upgraded Bridge to 1.1.6, and it still works.
  2. Jane Doe Jane Doe
    You can find the latest version incl. link here: https://aur.archlinux.org/packages/protonmail-bridge/
  3. Anonymous Anonymous
    How did you install ProtonMail on Ubuntu Server? Can you add the command lines? I tested the following lines but it does not work : $ wget -c https://protonmail.com/download/protonmail-bridge_1.2.7-1_amd64.deb $ sudo dpkg -i protonmail-bridge_1.2.7-1_amd64.deb $ sudo apt update $ sudo apt install protonmail-bridge
    Read more
    • Hi, my WordPress server is using Debian, so I’m not sure how different it is from Ubuntu. Basically, after downloading the *.deb file, I just did apt install. Something like the following: $ wget https://protonmail.com/download/protonmail-bridge_1.2.7-1_amd64.deb $ sudo apt install ./protonmail-bridge_1.2.7-1_amd64.deb I’m not sure if Ubuntu already has protonmail-bridge in its package repository. If yes, then if you only do $ sudo apt install protonmail-bridge, it will install the protonmail-bridge from Ubuntu’s official package repository, instead of the file you downloaded from ProtonMail’s website.
      Read more
      • Anonymous Anonymous
        Thanks but I get the same error : Last login: Tue Jun 9 00:08:59 2020 from 88.126.119.154 ubuntu@www-example-com ~ $ sudo apt install ./protonmail-bridge_1.2.7-1_amd64.deb Reading package lists… Done Building dependency tree Reading state information… Done You might want to run ‘apt –fix-broken install’ to correct these. The following packages have unmet dependencies: protonmail-bridge : Depends: qt5-default but it is not installed Depends: libqt5designer5 but it is not installed Depends: libqt5multimediawidgets5 but it is not installed Depends: libqt5quickwidgets5 but it is not installed Depends: libpulse-mainloop-glib0 but it is not installed Depends: libsecret-1-0 but it is not installed Depends: ttf-dejavu but it is not installed E: Unmet dependencies. Try ‘apt –fix-broken install’ with no packages (or specify a solution). ubuntu@www-s1biose-com ~ $ sudo apt install protonmail-bridge_1.2.7-1_amd64.deb Reading package lists… Done Building dependency tree Reading state information… Done E: Unable to locate package protonmail-bridge_1.2.7-1_amd64.deb E: Couldn’t find any package by glob ‘protonmail-bridge_1.2.7-1_amd64.deb’ E: Couldn’t find any package by regex ‘protonmail-bridge_1.2.7-1_amd64.deb’
        Read more
        • Yes, I think you need to install those dependencies. I checked the installed protonmail-bridge on my server, and the information shows those are indeed dependencies: “` <…ignored…> Depends: qt5-default, libqt5designer5, libqt5multimediawidgets5, libqt5quickwidgets5, libpulse-mainloop-glib0, libsecret-1-0, ttf-dejavu Suggests: pass, gnome-keyring <…ignored…> “` I’m not familiar with Ubuntu. So I’m not sure why your “apt install” did not install those dependencies for you automatically. But yes, you have to install them if apt does not automatically install that for you.
          Read more
          • Anonymous Anonymous
            The problem is that it will install 490 MB is really a lot. I don’t want to install a desktop on my server : ubuntu@www-example-com ~ $ sudo apt –fix-broken install Reading package lists… Done Building dependency tree Reading state information… Done Correcting dependencies… Done The following additional packages will be installed: adwaita-icon-theme at-spi2-core dconf-gsettings-backend dconf-service fontconfig fonts-dejavu fonts-dejavu-extra glib-networking glib-networking-common glib-networking-services gsettings-desktop-schemas gtk-update-icon-cache hicolor-icon-theme humanity-icon-theme libasyncns0 libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libavahi-client3 libavahi-common-data libavahi-common3 libcairo-gobject2 libcairo2 libcolord2 libcroco3 libcups2 libdatrie1 libdconf1 libdouble-conversion1 libdrm-amdgpu1 libdrm-dev libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libegl-mesa0 libegl1 libegl1-mesa-dev libepoxy0 libevdev2 libflac8 libgbm1 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgl1 libgl1-mesa-dev libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa libgles1 libgles2 libgles2-mesa-dev libglu1-mesa libglu1-mesa-dev libglvnd-core-dev libglvnd-dev libglvnd0 libglx-mesa0 libglx0 libgraphite2-3 libgtk-3-0 libgtk-3-bin libgtk-3-common libgudev-1.0-0 libharfbuzz0b libinput-bin libinput10 libjson-glib-1.0-0 libjson-glib-1.0-common liblcms2-2 libllvm9 libmtdev1 libogg0 libopengl0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpciaccess0 libpixman-1-0 libproxy1v5 libpthread-stubs0-dev libpulse-mainloop-glib0 libpulse0 libqt5concurrent5 libqt5core5a libqt5dbus5 libqt5designer5 libqt5gui5 libqt5multimedia5 libqt5multimediawidgets5 libqt5network5 libqt5opengl5 libqt5opengl5-dev libqt5printsupport5 libqt5qml5 libqt5quick5 libqt5quickwidgets5 libqt5sql5 libqt5sql5-sqlite libqt5svg5 libqt5test5 libqt5widgets5 libqt5xml5 librest-0.7-0 librsvg2-2 librsvg2-common libsecret-1-0 libsecret-common libsensors4 libsndfile1 libsoup-gnome2.4-1 libsoup2.4-1 libthai-data libthai0 libvorbis0a libvorbisenc2 libwacom-bin libwacom-common libwacom2 libwayland-bin libwayland-client0 libwayland-cursor0 libwayland-dev libwayland-egl1 libwayland-server0 libx11-dev libx11-doc libx11-xcb-dev libx11-xcb1 libxau-dev libxcb-dri2-0 libxcb-dri2-0-dev libxcb-dri3-0 libxcb-dri3-dev libxcb-glx0 libxcb-glx0-dev libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-present-dev libxcb-present0 libxcb-randr0 libxcb-randr0-dev libxcb-render-util0 libxcb-render0 libxcb-render0-dev libxcb-shape0 libxcb-shape0-dev libxcb-shm0 libxcb-sync-dev libxcb-sync1 libxcb-util1 libxcb-xfixes0 libxcb-xfixes0-dev libxcb-xinerama0 libxcb-xkb1 libxcb1-dev libxcomposite1 libxcursor1 libxdamage-dev libxdamage1 libxdmcp-dev libxext-dev libxfixes-dev libxfixes3 libxi6 libxinerama1 libxkbcommon-x11-0 libxkbcommon0 libxrandr2 libxrender1 libxshmfence-dev libxshmfence1 libxtst6 libxxf86vm-dev libxxf86vm1 mesa-common-dev qt5-default qt5-gtk-platformtheme qt5-qmake qt5-qmake-bin qtbase5-dev qtbase5-dev-tools qtchooser qttranslations5-l10n ttf-dejavu ttf-dejavu-core ttf-dejavu-extra ubuntu-mono x11proto-core-dev x11proto-damage-dev x11proto-dev x11proto-fixes-dev x11proto-xext-dev x11proto-xf86vidmode-dev xorg-sgml-doctools xtrans-dev Suggested packages: colord cups-common gvfs liblcms2-utils pulseaudio qt5-image-formats-plugins qtwayland5 qt5-qmltooling-plugins librsvg2-bin lm-sensors libwayland-doc libxcb-doc libxext-doc default-libmysqlclient-dev firebird-dev libpq-dev libsqlite3-dev unixodbc-dev The following NEW packages will be installed: adwaita-icon-theme at-spi2-core dconf-gsettings-backend dconf-service fontconfig fonts-dejavu fonts-dejavu-extra glib-networking glib-networking-common glib-networking-services gsettings-desktop-schemas gtk-update-icon-cache hicolor-icon-theme humanity-icon-theme libasyncns0 libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libavahi-client3 libavahi-common-data libavahi-common3 libcairo-gobject2 libcairo2 libcolord2 libcroco3 libcups2 libdatrie1 libdconf1 libdouble-conversion1 libdrm-amdgpu1 libdrm-dev libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libegl-mesa0 libegl1 libegl1-mesa-dev libepoxy0 libevdev2 libflac8 libgbm1 libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgl1 libgl1-mesa-dev libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa libgles1 libgles2 libgles2-mesa-dev libglu1-mesa libglu1-mesa-dev libglvnd-core-dev libglvnd-dev libglvnd0 libglx-mesa0 libglx0 libgraphite2-3 libgtk-3-0 libgtk-3-bin libgtk-3-common libgudev-1.0-0 libharfbuzz0b libinput-bin libinput10 libjson-glib-1.0-0 libjson-glib-1.0-common liblcms2-2 libllvm9 libmtdev1 libogg0 libopengl0 libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpciaccess0 libpixman-1-0 libproxy1v5 libpthread-stubs0-dev libpulse-mainloop-glib0 libpulse0 libqt5concurrent5 libqt5core5a libqt5dbus5 libqt5designer5 libqt5gui5 libqt5multimedia5 libqt5multimediawidgets5 libqt5network5 libqt5opengl5 libqt5opengl5-dev libqt5printsupport5 libqt5qml5 libqt5quick5 libqt5quickwidgets5 libqt5sql5 libqt5sql5-sqlite libqt5svg5 libqt5test5 libqt5widgets5 libqt5xml5 librest-0.7-0 librsvg2-2 librsvg2-common libsecret-1-0 libsecret-common libsensors4 libsndfile1 libsoup-gnome2.4-1 libsoup2.4-1 libthai-data libthai0 libvorbis0a libvorbisenc2 libwacom-bin libwacom-common libwacom2 libwayland-bin libwayland-client0 libwayland-cursor0 libwayland-dev libwayland-egl1 libwayland-server0 libx11-dev libx11-doc libx11-xcb-dev libx11-xcb1 libxau-dev libxcb-dri2-0 libxcb-dri2-0-dev libxcb-dri3-0 libxcb-dri3-dev libxcb-glx0 libxcb-glx0-dev libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-present-dev libxcb-present0 libxcb-randr0 libxcb-randr0-dev libxcb-render-util0 libxcb-render0 libxcb-render0-dev libxcb-shape0 libxcb-shape0-dev libxcb-shm0 libxcb-sync-dev libxcb-sync1 libxcb-util1 libxcb-xfixes0 libxcb-xfixes0-dev libxcb-xinerama0 libxcb-xkb1 libxcb1-dev libxcomposite1 libxcursor1 libxdamage-dev libxdamage1 libxdmcp-dev libxext-dev libxfixes-dev libxfixes3 libxi6 libxinerama1 libxkbcommon-x11-0 libxkbcommon0 libxrandr2 libxrender1 libxshmfence-dev libxshmfence1 libxtst6 libxxf86vm-dev libxxf86vm1 mesa-common-dev qt5-default qt5-gtk-platformtheme qt5-qmake qt5-qmake-bin qtbase5-dev qtbase5-dev-tools qtchooser qttranslations5-l10n ttf-dejavu ttf-dejavu-core ttf-dejavu-extra ubuntu-mono x11proto-core-dev x11proto-damage-dev x11proto-dev x11proto-fixes-dev x11proto-xext-dev x11proto-xf86vidmode-dev xorg-sgml-doctools xtrans-dev 0 upgraded, 198 newly installed, 0 to remove and 0 not upgraded. 1 not fully installed or removed. Need to get 62.3 MB of archives. After this operation, 490 MB of additional disk space will be used. Do you want to continue? [Y/n]
            Read more
        • Maybe try “sudo apt install –no-install-recommends “? I guess your system was trying to install all optional dependencies. I’m not familiar with it, but I guess “–no-install-recommends” should reduce the size. But it’s also true protonmail-bridge requires many dependencies that are related graphical interface. I think protonmail-bridge has both command-line and GUI included in a single package.
          Read more
          • Anonymous Anonymous
            Thanks but it doesn’t work. Finally I installed all the suggested packages. I also installed “pass”, but your tutorial does not explain how to use “pass”. You only put the command line for gnome-keyring-daemon
        • yeah, I’m kind of reluctant to write about the option of “pass”. Users have to set up a GPG key without a passphrase in order to use protonmail-bridge & pass together on a headless server. So it is a little bit too much to cover if I have to explain to readers what a GPG key is. I’ll see what I can add to this blog post regarding “pass”. Maybe I’ll just write the command-lines without explanation. See the newer post here.
          Read more
          • Anonymous Anonymous
            Thank you, yes it would be nice with the command lines. Can you explain to me how to restart protonmail-bridge ? ubuntu@www-example-com ~ $ sudo protonmail-bridge –cli INFO[0000] Run app appLong=”Protonmail Bridge” appShort=bridge args=”[protonmail-bridge –cli]” build=”2020-05-19T00:33:31+0200″ pkg=main revision=50ed40f205 runtime=linux version=1.2.7 ProtonMail Bridge is not able to detect a supported password manager (pass, gnome-keyring). Please install and set up a supported password manager and restart the application. Frontend error Here is how I installed “pass” : $ sudo apt install pass $ sudo pass init contact@example.com $ sudo pass insert protonmail-bridge/mathieulebert I entered the protonmail password
            Read more
  4. Anonymous Anonymous
    https://serverfault.com/questions/1020514/how-to-install-protonmail-on-ubuntu-server-20-04

Leave a Reply to mrl Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.