Daniele Ricci

You're right, it will probably be a pain... Let's go through the encrypted exchange then. Shall we open an [encrypted session](http://xmpp.org/extensions/xep-0116.html)? Just kidding :-) Ok seriously now: once the password...

I have some thoughts about that. Android part: - app uploads the encrypted key - server replies with a **very long** identifier (we'll call it a _registration token_) Desktop part:...

Now that I think about it, this protocol could also be used for Android-to-Android account pairing (that is, multiple devices with the same key).

@abika the problem with this approach is that the token is client generated. That is not acceptable sorry, the token has to be generated by the server, it's too important...

@shirishag75 WhatsApp has no encryption key to exchange between devices. Everything is in cleartext.

[I was replying by editing your comment. Again. Fortunately I realized that just before pressing the save button] > Guess you're right, but what exactly is the problem here? The...

> My experience is that my don't care about that. But the Android app should generate a secure passphrase, anyway. Token & passhrase should be around 160bits, so no matter...

I was thinking of using the `jabber:iq:register` namespace. It supports custom forms (we can use a new form field to include the private key) and the Tigase module I wrote...

Sorry if I'm delaying this, I'm working to release 3.1.2 with some stuff to not appear dead as a project :-) Just a simple notification reconnecting to kontalk/androidclient#505. I'm including...

No, trusted keys information is a client-side thing. XEP-0049 stores information on the server. The mechanism I'm talking about is just to exchange that information between clients.