gomuks icon indicating copy to clipboard operation
gomuks copied to clipboard

Published 20 hours ago verified publisher icon tulir

Handle incoming verification requests

Open tulir opened this issue 4 years ago • 11 comments

tulir avatar Aug 31 '20 22:08 tulir

Is there a workaround to validate gomuks?

languitar avatar Dec 21 '21 14:12 languitar

there are (I imagine) several workarounds. This worked for me: from gomuks: /fingerprint from element android: Settings -> Security & Privacy -> Active Sessions -> Show All Sessions -> gomuks -> Manually verify by text. Check the fingerprints match and click verify.

eleanor-clifford avatar Dec 21 '21 16:12 eleanor-clifford

I must be blind. I don't have a "Manually verify by text" in Element.

languitar avatar Dec 21 '21 16:12 languitar

aaah, that only exists on android :see_no_evil:

languitar avatar Dec 21 '21 16:12 languitar

It exists on web too, you just have to use the user list to view your sessions and then click on the specific session.

You can also use /cs fetch + /cs self-sign to use cross-signing to verify yourself without another device

tulir avatar Dec 21 '21 16:12 tulir

It exists on web too, you just have to use the user list to view your sessions and then click on the specific session.

That's pretty well hidden and in an unexpected place. Verification of own sessions shouldn't be related to UI that only exists for specific rooms...

In any case: if implementation of interactive verification takes some more time, maybe a note in the documentation could help to avoid this confusion in the future?

languitar avatar Dec 22 '21 08:12 languitar

Maybe something has changed in Element in the meantime, but I really can't find any of the ways to manually verify by text. What is the current proper workaround to verify the gomuks session?

proycon avatar Nov 05 '22 16:11 proycon

Maybe something has changed in Element in the meantime, but I really can't find any of the ways to manually verify by text. What is the current proper workaround to verify the gomuks session?

This https://github.com/tulir/gomuks/issues/205#issuecomment-998927759 should work.

mcepl avatar Nov 05 '22 17:11 mcepl

Not really, I tried that.. /cs fetch It prompts for a "passphrase", but neither my account password nor the "security key" (from Riot/Element) works. /cs status says: Cross-signing keys are published, but private keys are not cached

I also exported E2E room keys from Element and then used /import in gomuks (which also prompted for a passphrase, but here my account password did work fine).

But whatever I try the gomuks sessions remain 'unverified' in Element.

proycon avatar Nov 15 '22 22:11 proycon

Same issue as proycon. Would appreciate a complete workflow on how to get gomuks cross-signed and e2ee just working when using it as a secondary client in addition to Element.

quite avatar Aug 18 '23 09:08 quite