The email bot implements ONS-1, but instead of a Nostr client it uses an Email client with PGP support (DeltaChat module).
The high-level setup is:
[Diagram: Delta Chat app (alice@email.com) <-> mail messages, PGP signed and encrypted <-> Oak Email Bot (bot@email.com) <-> LND Node. The Oak Email Bot and the LND Node run together on one host (Raspi, VM, etc).]
A typical interaction with the email bot consists of:
1. In the DeltaChat app, you send your command to the bot
   - DeltaChat automatically prepares a signed and encrypted email with your command
   - The email is sent to your bot's email address
2. The bot receives your command
   - It constantly monitors its email inbox
   - When it receives a new email, it checks whether it is signed and encrypted with your PGP key
   - If yes, it treats it as a command
   - If no, it deletes and ignores the email
3. The bot executes your command
   - It connects to your LND node and makes an API call based on your command
4. The bot sends you a message about the result of your command
   - The bot uses its own DeltaChat module to sign and encrypt an email to you using the bot's PGP key
5. On your phone, DeltaChat shows the reply from your bot
   - It checks whether the incoming message matches the expected PGP fingerprint
   - If yes, it is shown in the chat as a secured message (padlock icon)
   - If no, an alert is shown in the chat
Authentication
For the Email bot, commands are considered authenticated when they:
- come from the owner's email address and
- are encrypted for the bot's PGP public key and
- are signed with the owner's PGP private key
A malicious user who spoofs the owner's email address and sends commands to the bot will have their messages ignored, because those messages do not carry a valid signature from the owner's PGP private key.
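The three conditions above can be expressed as a single gate in front of command execution. The following is an added example, not the bot's own code: the Incoming record, its field names and the fingerprint values are hypothetical, and it assumes the mail/PGP layer (the DeltaChat module) has already decrypted the message and verified its signature.

```python
from dataclasses import dataclass
from email.utils import getaddresses
from typing import Optional

# Constructed placeholders; a deployment pins its own address and fingerprints.
OWNER_ADDR = "alice@email.com"
OWNER_FPR = "A" * 40  # owner's PGP key fingerprint (placeholder)
BOT_FPR = "B" * 40    # bot's PGP key fingerprint (placeholder)

@dataclass
class Incoming:
    """Hypothetical summary produced by the mail/PGP layer for one message."""
    from_header: str
    decrypted_with: Optional[str]  # fingerprint of the key that decrypted it, None if plaintext
    valid_sig_from: Optional[str]  # signer fingerprint, set only if the signature verified
    body: str

def norm_fpr(fpr):
    """Compare fingerprints without spaces and case differences."""
    return fpr.replace(" ", "").upper() if fpr else None

def sender_address(from_header):
    """Return the single address in From, or None if missing or ambiguous."""
    addrs = [addr for _, addr in getaddresses([from_header]) if addr]
    # Lower-casing the address is an assumption about how the owner is pinned.
    return addrs[0].lower() if len(addrs) == 1 else None

def authenticate(msg):
    """Return (accepted, reason); every condition must hold."""
    if sender_address(msg.from_header) != OWNER_ADDR:
        return False, "sender is not the owner"
    if norm_fpr(msg.decrypted_with) != BOT_FPR:
        return False, "not encrypted for the bot's key"
    if norm_fpr(msg.valid_sig_from) != OWNER_FPR:
        return False, "not signed by the owner's key"
    return True, "ok"

def handle(msg):
    """Return the command to execute, or None to delete and ignore the mail."""
    accepted, _reason = authenticate(msg)
    return msg.body.strip() if accepted else None
```

The address check uses the parsed address rather than the display name, so a From header whose display name merely contains the owner's address is rejected before any key checks run.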
Implementation notes
DeltaChat uses Autocrypt for the PGP setup.
It also uses countermitm to protect against active adversaries.
Read more here: https://delta.chat/en/help#does-delta-chat-support-end-to-end-encryption