
Cannot use OMEMO on anonymous servers

Open Zapzapzap opened this issue 1 month ago • 5 comments

Hello. I am trying to use OMEMO to chat between two anonymous accounts on the same server (both running on the same PC, both using profanity via split screen). Although both unencrypted and OTR messaging work as expected, I can't make OMEMO work.

I hope the information provided below is useful and I would like to thank you for developing this useful piece of software.

Expected Behavior

Successful establishment of OMEMO session.

Current Behavior

Trying to establish an OMEMO chat with another anonymous account the error returned is Can't find a OMEMO device id for xxx@server. This happens although a /omemo gen command has been successfully executed on both clients. Also, connecting to the same server anonymously via converse.js (provided by the server) and initiating a 1-to-1 chat between converse.js and profanity works for unencrypted messages, but the browser reports that the other party (i.e. profanity) does not support OMEMO.

Possible Solution

I am not sure about this, but the fact that during multiple anonymous connections to the same server there is a common directory used ~/.local/share/profanity/omemo/jid for omemo files might play a role. Also, I am not sure if OMEMO can be started between accounts that do not or, in the case of anonymous connections, probably cannot be added to each other's rosters.

Steps to Reproduce (for bugs)

  1. split screen via a multiplexer like screen

  2. profanity -r "/connect server" and press enter because profanity asks (bug?) for password for anonymous connection. A random username will be returned, let's say it's A@server

  3. profanity -r "/connect server" and press enter because profanity asks (bug?) for password for anonymous connection. A random username will be returned, let's say it's B@server

  4. A@server> /omemo gen. reply> OMEMO cryptographic materials generated. Your Device ID is 123.

  5. A@server> /omemo fingerprint reply> Your OMEMO fingerprint: aaa-bbb reply> There is no known fingerprints for A@server

(the last message above might be meaningful)

  6. A@server> /omemo trust A@server aaa-bbb reply> Cannot trust unknown device: aaa-bbb reply> A@server's OMEMO fingerprint: aaa-bbb

(the message above might be meaningful)

  7. B@server> /omemo gen reply> OMEMO cryptographic materials generated. Your Device ID is 456.

  8. A@server> /msg B@server (without the stuff after the slash)

  9. A@server (chat window)> /omemo fingerprint reply> There is no known fingerprints for B@server

  10. A@server> /omemo start

  11. A@server> test message reply> Can't find a OMEMO device id for B@server.

Context

I am experimenting with OMEMO and profanity.

Environment

  • Profanity, version 0.15.0
    Build information:
    XMPP library: libstrophe
    Desktop notification support: Enabled
    OTR support: Enabled (libotr 4.1.1)
    PGP support: Enabled (libgpgme 1.24.2)
    OMEMO support: Enabled
    C plugins: Enabled
    Python plugins: Enabled (3.13.5)
    GTK icons/clipboard: Enabled
    GDK Pixbuf: Enabled

  • Debian stable, updated as of Nov 15th, 2025

  • libglib2.0 2.84.4-3~deb13u1

  • libstrophe version 0.14.0-4

  • Server software
    Name : Prosody
    Version : hg:ebd6b4d8bf04
    OS : Linux

server used in all cases: (rot13) abzabz.vz

Note that the same thing happens with another server instance running Prosody on Linux (version: hg:260a6feebe5f)

Zapzapzap, Nov 16 '25 09:11

Did you try sending a sub request between the two accounts? OMEMO requires that the two accounts have authorized each other.

sjaeckel, Nov 16 '25 10:11

Also OMEMO is a bit brittle to setup initially, in the version you're using. I will open a PR later or tomorrow that makes this easier to use, but you'd have to build from source then.

sjaeckel, Nov 16 '25 10:11

Does your server support PEP?

jubalh, Nov 16 '25 11:11

> Did you try sending a sub request between the two accounts? OMEMO requires that the two accounts have authorized each other.

That might be related to the issue here. While the sub requests succeed as expected, both accounts remain under "Unsubscribed" in each other's roster list. I would like to emphasize that both accounts are anonymous, and not registered.

> Does your server support PEP?

The server returns <identity type="pep" category="pubsub"/> in the XML console after manually sending the respective XML request.

Also /disco info returns:

Features:
http://jabber.org/protocol/commands
http://jabber.org/protocol/disco#info
http://jabber.org/protocol/disco#items
jabber:iq:last
jabber:iq:private
jabber:iq:register
jabber:iq:roster
jabber:iq:time
jabber:iq:version
msgoffline
urn:xmpp:blocking
urn:xmpp:carbons:2
urn:xmpp:carbons:rules:0
urn:xmpp:ping
urn:xmpp:time
vcard-temp

Zapzapzap, Nov 16 '25 17:11

I've just tried the same:

prof: DBG: [OMEMO] publish crypto materials
prof: DBG: [OMEMO] publish own OMEMO bundle
prof: DBG: [OMEMO] Cannot publish bundle: no PUBSUB feature announced

and I've added a console message, that the server doesn't announce http://jabber.org/protocol/pubsub resp. http://jabber.org/protocol/pubsub#publish-options and therefore we can't publish the OMEMO bundle, so this can't work.

Not sure whether there's servers supporting pubsub for anonymous accounts, abzabz.vz doesn't. I'm pretty sure @weiss knows whether this is even technically possible.

Also please be aware that using multiple connections with the same name from the same machine may expose "unexpected behavior" of profanity ;)

If you plan to do so for further tests I suggest to do the following:

/account add aa0
/account set aa0 jid abzabz.vz
/account add aa1
/account set aa1 jid abzabz.vz

and then use /connect aa0 resp. /connect aa1.

sjaeckel, Nov 18 '25 12:11
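
The check discussed in the last two comments, as an added example that is not part of the thread and not profanity's code: it parses a disco#info result and reports whether the PEP identity and the two pubsub features named above are announced. The sample stanza is constructed from values quoted in the thread (identity and some features combined into one reply, with a made-up `id`), and treating both features as required is an assumption.

```python
import xml.etree.ElementTree as ET

DISCO_INFO = "http://jabber.org/protocol/disco#info"
# The two features the thread names as not announced by the server.
PUBSUB_FEATURES = (
    "http://jabber.org/protocol/pubsub",
    "http://jabber.org/protocol/pubsub#publish-options",
)

def omemo_publish_readiness(iq_xml):
    """Report what a disco#info result lacks for publishing an OMEMO bundle."""
    iq = ET.fromstring(iq_xml)
    query = iq.find(f"{{{DISCO_INFO}}}query")
    if iq.get("type") != "result" or query is None:
        raise ValueError("not a disco#info result stanza")
    identities = {(i.get("category"), i.get("type"))
                  for i in query.findall(f"{{{DISCO_INFO}}}identity")}
    features = {f.get("var")
                for f in query.findall(f"{{{DISCO_INFO}}}feature")}
    missing = [f for f in PUBSUB_FEATURES if f not in features]
    return {
        "pep_identity": ("pubsub", "pep") in identities,
        "missing_features": missing,
        # Assumption: both features must be announced before publishing.
        "can_publish_bundle": not missing,
    }

# Constructed sample: a subset of the features listed in the thread.
SAMPLE_FEATURES = """
http://jabber.org/protocol/commands http://jabber.org/protocol/disco#info
http://jabber.org/protocol/disco#items jabber:iq:roster
urn:xmpp:carbons:2 urn:xmpp:ping vcard-temp
""".split()

def sample_stanza(features):
    """Build a constructed disco#info reply carrying the PEP identity."""
    feats = "".join(f'<feature var="{v}"/>' for v in features)
    return (f'<iq type="result" id="d1"><query xmlns="{DISCO_INFO}">'
            f'<identity category="pubsub" type="pep"/>{feats}</query></iq>')

if __name__ == "__main__":
    report = omemo_publish_readiness(sample_stanza(SAMPLE_FEATURES))
    print("PEP identity announced:", report["pep_identity"])
    for feature in report["missing_features"]:
        print("missing feature:", feature)
    print("bundle can be published:", report["can_publish_bundle"])
```

On the constructed sample the PEP identity is present while both pubsub features are missing, which matches the combination reported in the thread.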