[guardian-dev] Gibberbot (ChatSecure) OTR keystore changing format
c1.devrandom at niftybox.net
Fri Jul 5 14:49:51 EDT 2013
On 07/05/2013 07:36 AM, Hans-Christoph Steiner wrote:
>
> The problem is not the XMPP Resource so much as its not storing multiple
> public keys for a single XMPP ID. Adding the Resource only partially helps
> there. I think a much better solution would be to make Gibberbot use and
> store multiple public keys for a given XMPP ID and entirely ignore the
> Resource when it comes to OTR keys. This is basically what libotr does. And
> libotr does not use the Resource when checking whether an account/fingerprint
> are in the local fingerprint store.
To clarify, there are two things that are not changing. The local
pubkey/privkey pair is still stored with the bare JID (uppercase strings
are generic placeholders below):
X@Y.pubkey=...
X@Y.privkey=...
Also, the verification status is stored keyed on the fingerprint:
X@Y.FINGERPRINT.verified=true
What is changing is the storage of remote pubkeys and unverified
fingerprints:
X@Y/RES.fingerprint=...
>
> The Gibberbot process for matching the current remote ID with the stored
> fingerprints should check against all stored matches, and not just assume
> there is one. Gibberbot should also be able to write out multiple
> fingerprints/public keys for a given account ID.
I think this is already the case. As discussed on IRC, the only thing
that's inconvenient is that it's hard to get from the existing format
whether a fingerprint has been seen, if it hasn't been verified.
So I'm going to add:
X@Y.FINGERPRINT.verified=false
for all unverified but seen fingerprints.
>
> The way that Pidgin uses the Resource in the unique ID in OTR key store makes
> it much harder to manage when doing key syncing, and provides no benefit that
> I can see. When syncing public key info from other apps, OTRFileConverter has
> to look up the Resource info from the Pidgin config files.
>
> Adding the Resource to the Gibberbot format will entirely break the syncing of
> trusted public keys because OTRFileConverter currently has no way to query
> Gibberbot to see which Resource it should use for a given account.
>
> .hc
>
> On 07/04/2013 07:27 PM, c1.devrandom at niftybox.net wrote:
>> Hi HC,
>>
>> In order for https://dev.guardianproject.info/issues/247 to be fixed, we
>> must append the resource to the JID when storing the public key and
>> fingerprint properties in otr_keystore. This is also required if we
>> want to keep track of all keys for a peer and offers better
>> compatibility with Pidgin's format.
>>
>> I have implemented this and am testing now.
>>
>> There is no change to the "verified" property name, since that is
>> disambiguated by the fingerprint.
>>
>> https://github.com/devrandom/Gibberbot/commit/ba625affc76f9ee53a27af711bbac5e6d6b492c1
>>
>> --
>> Miron
>>
>
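
Added example, not part of the original thread and not Gibberbot or OTRFileConverter code: a reader for the keystore layout discussed above that collects every seen fingerprint per bare JID, ignoring the Resource, and records which ones are verified. It assumes the bare JID has the usual user@domain form, that the value of a ".fingerprint" property is the hex fingerprint, and that lines are plain key=value; the sample data and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample keystore; JIDs, resources and fingerprints are made up.
SAMPLE = """\
alice@example.org.pubkey=PLACEHOLDER
alice@example.org.privkey=PLACEHOLDER
bob@example.org/phone.fingerprint=AAAA1111
bob@example.org/lap.top.fingerprint=BBBB2222
bob@example.org.AAAA1111.verified=true
bob@example.org.BBBB2222.verified=false
carol@example.org/home.fingerprint=CCCC3333
"""


def parse_keystore(text):
    """Return {bare_jid: {fingerprint: verified}} for remote peers."""
    peers = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip().lower()
        if key.endswith(".verified"):
            # X@Y.FINGERPRINT.verified: split from the right, since the
            # domain part of the JID contains dots of its own.
            jid, fingerprint, _ = key.rsplit(".", 2)
            peers[jid][fingerprint.lower()] = (value == "true")
        elif key.endswith(".fingerprint"):
            # X@Y/RES.fingerprint: drop the resource so every key seen
            # for a peer is filed under the same bare JID.
            full_jid = key.rsplit(".", 1)[0]
            bare_jid = full_jid.split("/", 1)[0]
            # Seen but with no ".verified" entry (older stores): record
            # as unverified without overriding a verified=true entry.
            peers[bare_jid].setdefault(value, False)
        # Local pubkey/privkey entries are not remote trust data: skipped.
    return dict(peers)


def is_trusted(peers, jid, fingerprint):
    """True only if this exact fingerprint is verified for the bare JID."""
    bare_jid = jid.split("/", 1)[0]
    return peers.get(bare_jid, {}).get(fingerprint.lower(), False)
```

Matching on bare JID plus fingerprint means a verified key stays trusted when the peer connects from a different Resource, while a new key for the same JID shows up as seen but unverified.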