androidclient icon indicating copy to clipboard operation
androidclient copied to clipboard
verified publisher icon kontalk

Implement OpenPGP for XMPP

Open daniele-athome opened this issue 9 years ago • 13 comments

XEP-0373: https://xmpp.org/extensions/xep-0373.html (base) XEP-0374: https://xmpp.org/extensions/xep-0374.html (IM profile)

daniele-athome avatar Jan 25 '16 20:01 daniele-athome

:+1:

h-2 avatar Feb 08 '16 16:02 h-2

Extension element is added to client-common-java.

I'm unsure what's the best way to detect which encryption XEP to use for which receiver. When making the switch to 0373 we have to support both, 0373 and RFC 3923, for some time. In 0374 a Service Discovery request is used, but (if understand this correctly) the client has to be online to answer the request and before that it is unknown what is supported. I don't think this is really useful.

Alternatives:

  • using the version information already used by the Android client?
  • sending both, the 3923 and 0373 extension element for each outgoing messages? The receiver client uses 0373 if supported. Or 3923 if its an old one.

And new public key exchange is done over PubSub/PEP which is currently turned off on the server.

abika avatar Mar 18 '17 13:03 abika

Just for curiosity...

Would it be possible to chat encrypted with Conversations users if this XEP is implemented in Kontalk?

webratte avatar Mar 18 '17 15:03 webratte

Only if it will be implemented in Conversations, too. And this is not done (yet), see siacs/Conversations#2196. Encryption in Conversation is focused on OMEMO rather than PGP, if @inputMice is not doing it, somebody has to volunteer.

abika avatar Mar 18 '17 16:03 abika

Thank you. Too Bad.

I found this on there Playstore description:

Features • End-to-end encryption with either OMEMO, OTR or OpenPGP

And I hoped this is a relationship to the part OpenPGP

webratte avatar Mar 18 '17 16:03 webratte

[I confused XEP-0027 with RFC 3923, changed that above.]

Well, that is not wrong, but there are three different protocols now for OpenPGP:

  • RFC 3923, used by Kontalk
  • XEP-0027, used by Conversations, not really supported by Kontalk
  • XEP-0343/0374, the shiny future nobody is using yet

And I found this now: siacs/Conversations/pull/1698. Work was started but not finished. Maybe the working parts of it can be used.

abika avatar Mar 18 '17 16:03 abika

Thak you again.

Would it be a big thing to Support XEP-0027 in Kontalk?

I'm not a Developer and have no idea about how much work would it be.

But I'm sure it would be a great thing if Kontalk and Conversations could share there user base. Both would benefit from it.

There is no competition between Kontalk and Conversations.

Kontalk users love Phone numbers as JID. Conversations users don't like share there phone number.

A collaboration could fix this dilemma and both could communicate to each other on a secure way.

I think you should more work with each other not against each other.

Otherwise Moxi Marlinspike is right and XMPP will die. And I think this would be too bad......

I hope @inputMice will also read this and think about it.

Thank you all for work on free messaging Apps to make communication intepentend from big companies like Facebook, Google and so on.

webratte avatar Mar 19 '17 09:03 webratte

But I'm sure it would be a great thing if Kontalk and Conversations could share there user base. Both would benefit from it. There is no competition between Kontalk and Conversations.

I agree with you. But the support for XEP-0027 would not gain much benefit. The hard part is the key exchange between standard XMPP and Kontalk clients and XEP-0027 does not cover this.

Well, I hope XEP-373/4 will come soon on both sides.

abika avatar Mar 24 '17 13:03 abika

Would it be a big thing to Support XEP-0027 in Kontalk?

Unfortunately pure XEP-0027 has some serious security concerns which I tried to counteract by adding some features of RFC 3923 - making it non-standard.

I think you should more work with each other not against each other.

I don't believe we are working against each other; we simply have two different views and I believe we are working in parallel towards two different ends. That doesn't mean one project couldn't benefit from the other.

Thanks @abika for the implementation on client-common-java. I see you've advanced to Smack 4.2, good, but I need to test it against the Android client before advancing it (I have some custom classes on top of some internal Smack stuff). I'll review it as the first thing after releasing (the long-awaited) 4.0.1.

daniele-athome avatar Apr 10 '17 10:04 daniele-athome

I understand what you mean. But I think the "problem" are the different ends.

I simply dream of a communication with other people, no matter what there favorite client.

Similar to Mail but better (e.g. encryption by default).

webratte avatar Apr 10 '17 10:04 webratte

Is this issue still being worked on?

Solomon1732 avatar Mar 05 '19 12:03 Solomon1732

We're prioritizing OMEMO now, so OpenPGP integration became somewhat low priority, sorry.

daniele-athome avatar Mar 05 '19 13:03 daniele-athome

Oh, ok, cool. I got to this issue from the specs/encryption file, which mentions this issue and links to it. Might want to update it to avoid further confusion.

Solomon1732 avatar Mar 05 '19 13:03 Solomon1732