[guardian-dev] working sync for Gibberbot file-based OTR key sync

Hans-Christoph Steiner hans at guardianproject.info
Mon Apr 15 19:21:36 EDT 2013


I got the first version of the file-based key syncing working in Gibberbot!
It's just the guts without any GUI support (i.e. QRCode password scanning, bad
password handling, etc).  Now when otrfileconverter outputs in Gibberbot
format, it automatically generates an AES-256-CBC encrypted file and a QRCode
for the password.  The password is generated by taking the X component of the
first private key found, adding it with a 16 byte random salt, then hashing it
with SHA-256.

otrfileconverter currently outputs the QRCode to the terminal (ASCII art!) and
generates a PNG of it.  Next up, the otrfileconverter-gui will also display
the QRCode.

Right now, Gibberbot looks for a file called otr_keystore.ofcaes (Otr File
Converter A E S) in the External Storage (i.e. /sdcard).  If it's present, it
is automatically imported and then it deletes the original as a way to
represent that the import was successful.  There will need to be GUI code
written to prompt the user to scan the QRCode password, and handle bad passwords.

I pushed the Gibberbot changes to my own repo:
https://github.com/eighthave/Gibberbot

And the otrfileconverter stuff is in the main repo:
https://github.com/guardianproject/otrfileconverter

Nathan, do you think you can handle the GUI changes to Gibberbot?  I'm a bit
lost there.

Abel, I failed at getting AES-256-GCM going, so I used AES-256-CBC to get the
ball rolling.  If you think we must use GCM, then can you take that on?  It
seems that openssl generates the key in a whack way, so there is a special
method in the new AES_256_GCM.java class to do it the openssl way.  Maybe we
need to try skipping the openssl format, and try using M2Crypto
(openssl-based) to generate a good AES-256-GCM format.

.hc
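
Added example, not part of the original message and not code from otrfileconverter or Gibberbot: a sketch of the password derivation described above and of the key derivation that `openssl enc` applies to a password. It assumes "adding" means byte concatenation, a hex-encoded password, and the `Salted__` file layout with the MD5 digest that OpenSSL used by default at the time; all function names are hypothetical.

```python
import hashlib
import os


def make_password(x_component: int, salt: bytes) -> str:
    """SHA-256 over the private key's X value followed by a 16-byte salt.
    Assumption: X is big-endian bytes, concatenated with the salt, hex output."""
    if len(salt) != 16:
        raise ValueError("salt must be 16 bytes")
    x_bytes = x_component.to_bytes((x_component.bit_length() + 7) // 8 or 1, "big")
    return hashlib.sha256(x_bytes + salt).hexdigest()


def evp_bytes_to_key(password: bytes, salt: bytes, key_len=32, iv_len=16, md="md5"):
    """OpenSSL's EVP_BytesToKey with an iteration count of 1.
    Each round hashes (previous digest + password + salt). There is no
    stretching, so the password's own entropy is the only protection."""
    derived, block = b"", b""
    while len(derived) < key_len + iv_len:
        block = hashlib.new(md, block + password + salt).digest()
        derived += block
    return derived[:key_len], derived[key_len:key_len + iv_len]


def parse_openssl_header(blob: bytes):
    """Split an `openssl enc` file: b'Salted__' + 8-byte salt + ciphertext."""
    if len(blob) < 16 or blob[:8] != b"Salted__":
        raise ValueError("not an OpenSSL salted file")
    salt, ciphertext = blob[8:16], blob[16:]
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return salt, ciphertext


if __name__ == "__main__":
    # Constructed sample values, not real key material.
    x = int.from_bytes(os.urandom(20), "big")      # stand-in for a DSA X value
    password = make_password(x, os.urandom(16))
    sample_file = b"Salted__" + os.urandom(8) + os.urandom(32)
    file_salt, ct = parse_openssl_header(sample_file)
    key, iv = evp_bytes_to_key(password.encode("ascii"), file_salt)
    print("password:", password)
    print("AES-256 key:", key.hex(), "IV:", iv.hex(), "blocks:", len(ct) // 16)
```

CBC carries no authentication tag, so a wrong password can only be detected through a padding or content check after decryption, which is the bad-password case the GUI still has to handle.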
