[guardian-dev] Gibberbot keystore format

Hans-Christoph Steiner hans at guardianproject.info
Mon Aug 13 12:26:32 EDT 2012


All of the OTR file formats that I have ever seen store the private keys in the clear.  But one key per contact is problematic.  The migration will be quite a bit of work, so I think we should take our time to get it right.  I've been thinking that a better format would be to store the private keys as subkeys of your GPG key.  If the user doesn't have one, we can generate it.

If we base this off of gpg, it will give us lots of very nice features for free.  This is the goal of the next round of PSST, which is slated to start in October.  Maybe it's worthwhile to hack around the current format in the meantime?

.hc

On Aug 13, 2012, at 12:17 PM, Miron wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> A couple of issues with the current implementation:
> 
> * Only one key stored per contact.  That means that if a contact has
> multiple presences, they will overwrite each other.
> * Private key stored in same file, in the clear.
> 
> BTW, yaxim doesn't have OTR AFAIK.
> 
> On 13/08/12 08:00, Hans-Christoph Steiner wrote:
>> 
>> I'd say leave it as it is unless there is a good reason to switch
>> it. Currently the Jitsi and Gibberbot (otr4j-based) use Java
>> .properties files for their keystores.  I think Beem and yaxim are
>> otr4j-based, but I don't know anything about the file format for
>> the keystore.
>> 
>> .properties files are really far easier to deal with in Java than
>> the libotr format of pidgin.
>> 
>> .hc
>> 
>> On Aug 12, 2012, at 2:36 PM, Miron wrote:
>> 
>>> Actually, it might be even better to store it in SQLite,
>>> anticipating the move to SQLCipher.  We would then need an export
>>> function.
>>> 
>>> On 12/08/12 09:20, Miron wrote:
>>>> 
>>>> Hans,
>>>> 
>>>> I am considering a switch of the keystore format to what Pidgin
>>>> has.  See
>>>> 
>>>> https://dev.guardianproject.info/issues/247
>>>> 
>>>> Opinions?
>>>> 
>>>> 
>>> 
>>> -- -- Miron http://hyper.to/blog/
>>> 
>> 
> 
> 
> - -- 
> Miron
> http://hyper.to/blog/


