Matrix Encryption E2EE with FluffyChat and Pantalaimon on Ubuntu Touch Guide

teoneo

There is FluffyChat in OpenStore for using Matrix on Ubuntu Touch, but it cannot handle encrypted messages.

It's still possible to use Matrix E2EE via Pantalaimon. It acts as reverse proxy daemon and handles the encryption for FluffyChat (and also for other clients like uMatriks). Pantalaimon is not available from OpenStore (anyone willing to handle this task, go for it!) but the setup is still easy. There are some tricky parts though, this is why I created this guide.

In short:

1. Download Pantalaimon, UT Tweak Tool (for using "Click install" of Pantalaimon) and FluffyChat
2. Start UT Tweak Tool, install Pantalaimon
3. Start Pantalaimon UT from the drawer, configure Homeserver/proxy settings, start service
4. Start FluffyChat (if it was installed before, logout first), choose Pantalaimon as Homeserver, log in
5. For device verification there is the CLI tool panctl, start in Terminal via command: /opt/click.ubuntu.com/pantalaimon.thrrgilag/current/panctl
6. Restart

These are the basic steps. Here is a more detailed guide:

I. As I mentioned Pantalaimon is not available from OpenStore but it can be easily downloaded form here:

https://git.sr.ht/~thrrgilag/pantalaimon-ut/refs/0.6.0

Choose the right package - arm64 or armhf (<-this is e.g. for Nexus 5) - download and check sha256 hash via:
sha256sum pantalaimon.thrrgilag_0.6.0_armhf.click

More info can be found here: https://thrrgilag.net/post/pantalaimon-ut-0-6-0/

II. Open UT Tweak Tool, choose Click install in Menu/System and install the downloaded Pantalaimon package. If there is a Signature check failed error message, it might be the wrong package for your device.

III. After Pantalaimon was installed, start Pantalaimon UT from the drawer. Configure the Homeserver (add Homeserver) and proxy. If you have an account on matrix.org, the default settings will work fine. Default proxy settings work fine as well. Start the service with the first switch.

IV. IF you used FluffyChat before, it's important to log out first. Otherwise choose Pantalaimon as Homeserver (hamburger menu/Change homeserver) and log in with your matrix id.

V. At this stage e2ee messages might not be readable (decrypted) yet, but chats should be available. For Pantalaimon there is device verification required.

This is why I logged in using the browser on a separate device (computer) and the Element webapp via element.io and used this device for verification (under "Security&Privacy").

VI. Open Terminal on UT, start panctl via the command:

/opt/click.ubuntu.com/pantalaimon.thrrgilag/current/panctl

If you start to type commands in panctl, it will open a little window with commands to choose from.

The command should be (using your matrix id two times):

start verification @yournick:matrix.org @yournick:matrix.org ABCDEFGH

<-this last part is the device_id as show on Element under "Security&Privacy" but for getting the device_id you can also use the command: list-devices @yournick:matrix.org @yournick:matrix.org

The terminal output should be something with "Successfully started the key verification request".

In the Element webapp there will appear a window to Accept the request. Verification uses a list of symbols (shown in the Terminal as well).

In the Terminal use the following command:

confirm-verification @yournick:matrix.org @yournick:matrix.org ABCDEFGH

After that also confirm in the Element webapp that they match. Under Security&Privacy Pantalaimon should be now "Verified". It will also show FluffyChat as signed in.

VII. After the verification was completed, it required a restart of Ubuntu Touch for me. After restart it started to work properly (FluffyChat opened with the matrix user logged in). Sometimes I receive messages on the UT splash screen saying something like: "You did not send messages with FluffyChat yet", although I have already been using FluffyChat with Pantalaimon.

(Some hints for verification in general from this blog might be helpful: https://www.cogitri.dev/posts/10-pantalaimon-setup/ )

It's been working fine for me so far. I'm not sure but it looks sending images do not work. FluffyChat is really nice, simple and easy to use.

PhoenixLandPirat

I think its also good to note that even though Cinny isn't in the OpenStore as of yet, it's coming along nicely, and that will support encryption and encrypted messages without the need to install pantalaimon in such a way, options are nice and fluffychat has a more touch focused interface which fits into Ubuntu Touches athstetic better.

Over time hopefully we'll get more matrix apps and more features in them, and then matrix will be a more enjoyable experience for more people.

StandUpMobile

Thanks for the write up!

I have been running with this setup for a while. Couple of other things to point out (maybe there are solutions I've missed?):

I can not get images/pictures in encrypted chats: Just shows a cloud with an exclamation point in it. On UN-encrypted chats, the images come in fine.

"Spaces" are not handled properly - they show up as chats/rooms with no real content in them.

Perhaps obvious, but worth to point out that calls don't work (voice nor video) ... although I think it rings.

teoneo

@standupmobile Yes, when sending/getting an image it shows a cloud symbol in e2ee chats for me too.

However it looks the images are still sent. After a click on the symbol, it will open a new window with a download button. At least this seems to work as a workaround in such cases.

thrrgilag

Thanks for putting this together.

With regards to the thumbnail issue in encrypted rooms, I think I've narrowed down the issue in FluffyChat, just need to get a proper patch put together. I'll post an update when it happens.