[guardian-dev] Gibberbot (ChatSecure) OTR keystore changing format

Hans-Christoph Steiner hans at guardianproject.info
Fri Jul 5 10:36:55 EDT 2013


The problem is not the XMPP Resource so much as it's not storing multiple
public keys for a single XMPP ID.  Adding the Resource only partially helps
there.  I think a much better solution would be to make Gibberbot use and
store multiple public keys for a given XMPP ID and entirely ignore the
Resource when it comes to OTR keys.  This is basically what libotr does.  And
libotr does not use the Resource when checking whether an account/fingerprint
are in the local fingerprint store.

The Gibberbot process for matching the current remote ID with the stored
fingerprints should check against all stored matches, and not just assume
there is one.  Gibberbot should also be able to write out multiple
fingerprints/public keys for a given account ID.

The way that Pidgin uses the Resource in the unique ID in OTR key store makes
it much harder to manage when doing key syncing, and provides no benefit that
I can see.  When syncing public key info from other apps, OTRFileConverter has
to look up the Resource info from the Pidgin config files.

Adding the Resource to the Gibberbot format will entirely break the syncing of
trusted public keys because OTRFileConverter currently has no way to query
Gibberbot to see which Resource it should use for a given account.

.hc

On 07/04/2013 07:27 PM, c1.devrandom at niftybox.net wrote:
> Hi HC,
> 
> In order for https://dev.guardianproject.info/issues/247 to be fixed, we
> must append the resource to the JID when storing the public key and
> fingerprint properties in otr_keystore.  This is also required if we
> want to keep track of all keys for a peer and offers better
> compatibility with Pidgin's format.
> 
> I have implemented this and am testing now.
> 
> There is no change to the "verified" property name, since that is
> disambiguated by the fingerprint.
> 
> https://github.com/devrandom/Gibberbot/commit/ba625affc76f9ee53a27af711bbac5e6d6b492c1
> 
> --
> Miron
> 

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
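
An added sketch, not part of the original thread and not code from Gibberbot, libotr or OTRFileConverter, of the lookup described in the message above: several fingerprints stored per XMPP ID, keyed on the bare JID with the Resource ignored, and every stored entry checked on a match. The class, its methods and the sample JIDs and fingerprints are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Hypothetical in-memory store (assumption: not the otr_keystore file format).
public class MultiKeyFingerprintStore {
    // bare JID -> (normalized fingerprint -> verified flag)
    private final Map<String, Map<String, Boolean>> store = new HashMap<>();

    // "user@host/resource" -> "user@host"; the first '/' starts the Resource.
    static String bareJid(String jid) {
        int slash = jid.indexOf('/');
        return slash < 0 ? jid : jid.substring(0, slash);
    }

    // Make "AAAA1111 BBBB2222 ..." and "aaaa1111bbbb2222..." compare equal.
    static String normalize(String fingerprint) {
        return fingerprint.replaceAll("\\s+", "").toLowerCase(Locale.ROOT);
    }

    // Record a key seen for a contact without replacing other keys
    // or downgrading one that is already marked verified.
    public void remember(String jid, String fingerprint) {
        store.computeIfAbsent(bareJid(jid), k -> new LinkedHashMap<>())
             .putIfAbsent(normalize(fingerprint), false);
    }

    public void verify(String jid, String fingerprint) {
        store.computeIfAbsent(bareJid(jid), k -> new LinkedHashMap<>())
             .put(normalize(fingerprint), true);
    }

    // Trust is per fingerprint: look through all keys stored for the bare JID.
    public boolean isVerified(String jid, String fingerprint) {
        return store.getOrDefault(bareJid(jid), Map.of())
                    .getOrDefault(normalize(fingerprint), false);
    }

    public static void main(String[] args) {
        MultiKeyFingerprintStore s = new MultiKeyFingerprintStore();
        // Constructed sample data: one contact, two devices, two OTR keys.
        String phoneKey = "AAAA1111 BBBB2222 CCCC3333 DDDD4444 EEEE5555";
        String laptopKey = "0000FFFF 1111EEEE 2222DDDD 3333CCCC 4444BBBB";
        s.verify("alice@example.org/phone", phoneKey);
        s.remember("alice@example.org/laptop", laptopKey);
        // Same key from a different Resource is still the verified key.
        System.out.println(s.isVerified("alice@example.org/tablet", phoneKey));
        // Second key is stored alongside the first but not yet verified.
        System.out.println(s.isVerified("alice@example.org", laptopKey));
    }
}
```
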