ProtonMail Bridge Setup

Setting up Bridge with a separate password store

I originally had a separate user for Bridge due to its use of pass and having issues with git commit signing. Setting up on a new system has made me rethink that. pass allows setting a dir for the password store, so we’re going to use that functionality.

$ PASSWORD_STORE_DIR=$HOME/.local/share/bridge-store pass init <key-id>

Then we create a wrapper script:

#!/bin/bash
PASSWORD_STORE_DIR=$HOME/.local/share/bridge-store <bridge-command> --cli "$@"

This gives Bridge its own store if started with the wrapper. The store is encrypted with my gpg key, which is on a yubikey, so it is more secure than one without a password. This ends up being simpler than the next section, which I’ll keep around in case I ever need a different way of doing this for some reason.
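
As an added example (not part of the original post or of Bridge itself), here is a preflight check the wrapper could run before starting Bridge: it confirms the dedicated store was initialised, is closed to group and others, and is not a git repository. The helper names check_bridge_store and run_bridge are hypothetical, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not the post's own script. check_bridge_store and run_bridge
# are hypothetical helper names; the default path is the one used in the post.
STORE="${PASSWORD_STORE_DIR:-$HOME/.local/share/bridge-store}"

# Return 0 if the store is fit for Bridge, otherwise print why and return 2-4.
check_bridge_store() {
    dir=$1
    # `pass init` writes .gpg-id; without it pass has no key to encrypt to.
    if [ ! -f "$dir/.gpg-id" ]; then
        echo "$dir: no .gpg-id, run 'pass init <key-id>' first" >&2
        return 2
    fi
    # Entry names are not encrypted, so keep group and others out of the store.
    mode=$(stat -c %a "$dir") || return 1   # GNU stat (Linux) assumed
    case $mode in
        *00) ;;
        *) echo "$dir: mode $mode, expected 700" >&2
           return 3 ;;
    esac
    # pass commits on every change when the store is a git repository, which
    # would bring back the signed-commit PIN prompts this store is avoiding.
    if [ -e "$dir/.git" ]; then
        echo "$dir: is a git repository, Bridge updates would create commits" >&2
        return 4
    fi
    return 0
}

# Usage: run_bridge <bridge-command> [args...]
run_bridge() {
    check_bridge_store "$STORE" || return $?
    bridge=$1; shift
    PASSWORD_STORE_DIR=$STORE
    export PASSWORD_STORE_DIR
    exec "$bridge" --cli "$@"
}

# Act as the wrapper only when given a command, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    run_bridge "$@"
fi
```

Saved as the wrapper, it is called with the Bridge command as its first argument; any failed check stops it before Bridge is started.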

Bridge Setup with separate user

Protonmail Bridge is a neat little tool to get your protonmail emails onto your local machine. This offers several interesting possibilities for backup and using an alternative email client, i.e. mutt. Using it on linux is pretty painless, except for its interaction with my password store. I use pass with git and I have git set up to require signing for every commit. I also use a yubikey to store my gpg signing key, which requires a pin for every signature. The protonmail bridge changes the information stored frequently and thus causes me an issue. I decided to solve it by creating a user, proton, on my system specifically to run the bridge with its own password store just for protonmail. This solves my issue with entering my pin frequently and also limits exposure of my other passwords to the protonmail bridge program.

I used the -g option and added the new user to my group so that I would have access:

# sudo useradd -m -g myuser proton

# sudo su proton

Create a gpg key. Start a tmux session first to avoid a gpg permission denied error:

# gpg --full-generate-key --expert

Select ecc and ecc, use the comment section for details on it being for the protonmail bridge user, and set no password.

Initialize the password store:

# pass init user@something.xyz

Then set up the protonmail bridge.

Automating the startup of the bridge and getting mutt set up will be in a forthcoming post(s).