ChatSecure-iOS icon indicating copy to clipboard operation
ChatSecure-iOS copied to clipboard

Published 20 hours ago verified publisher icon ChatSecure

OMEMO Key Pinning

Open sindastra opened this issue 6 years ago • 3 comments

I propose the option be added to pin OMEMO keys, so that you don't have to keep enabling them whenever "removed by server" or other reasons.

Basically in the same way Conversations for Android handles it. The current way ChatSecure does it, is highly inconvenient when you (or the other end) uses multiple devices (but not all concurrently) as keys seem to "expire" often and have to be manually re-enabled.

sindastra avatar May 04 '19 13:05 sindastra

There is at least one other issue dealing with this, that indicates that something in that area is buggy. See #1006

kmq avatar May 07 '19 12:05 kmq

It has been a year now and this issue is still relevant. I manually go and verify OMEMO keys with my contacts, to see which ones are valid and which aren't. But then, after some time, ChatSecure indicates "removed by server" (does not show on other clients like Conversations) and I have to manually verify again. Eventually, this leads to an inconvenient state where you just enable all keys to be able to send a message, which is less secure than if the keys could be pinned from the start. If anyone has time, please add the option to pin OMEMO keys.

sindastra avatar Jun 19 '20 08:06 sindastra

Maybe I should clarify that this issue is not a duplicate of #1006 as my proposal is to implement key pinning which would bypass key expiration altogether.

sindastra avatar Jul 26 '20 23:07 sindastra