[guardian-dev] ChatSecure OTR key syncing

Chris Ballinger chrisballinger at gmail.com
Wed Oct 17 18:18:24 EDT 2012


Each app is sandboxed and there is no "generic" file storage on
iOS. However, I can turn on file access in iTunes that would allow people
to manually upload a different "otr.private_key" file. There might be
negative security implications from doing this because it means that any
computer that you plug your phone into will be able to read your private
key file. Perhaps I could implement it as a "dropbox" type system where you
could drop in a key, and the app will ask you if you want it to replace
your current private key which is in an area not accessible to the iTunes
file sharing interface.

As far as QR code stuff, Rich had an interesting idea for fingerprint
verification<https://github.com/chrisballinger/Off-the-Record-iOS/issues/32>,
but I imagine you guys are talking about moving around private keys in a
temporary QR code.

On Wed, Oct 17, 2012 at 12:47 PM, Abel Luck <abel at guardianproject.info>wrote:

> Hi Chris,
>
> We're moving forward with our PSST [1] project. Currently we're working
> on our app that syncs OTR key data between apps (Pidgin, Gibberbot,
> irssi, etc)
>
> We'd love to support ChatSecure of course :)
>
> At the moment we're just doing file syncing, but I don't think we have
> filesys access on iOS, correct?
>
> We've got some ideas in mind, but they're more complicated.
> * Local network using custom protocol
> * QR Code
>
> How would you propose syncing OTR keys? Any thoughts?
>
> [1]:https://guardianproject.info/wiki/PSST
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20121017/095afef1/attachment.htm>


More information about the Guardian-dev mailing list