[guardian-dev] Gibberbot: add strong encryption level

Satz Klauer satzklauer at googlemail.com
Tue Oct 8 04:04:36 EDT 2013


Hi,

I'm aware of the fact that Gibberbot already uses OTR encryption but
from what we have learned the last weeks this may not be completely
secure. Thus I'd suggest an additional mechanism based on asymmetric
encryption. That's what I'd imagine:

- a user generates a pair of keys within its local App (2048 bits or more)
- the private key is stored locally only and can be exported to store
it somewhere (backup) and imported (to be used from more than one
device)
- when a user meets another person he wants to communicate with, both
exchange their public keys via Bluetooth
- the clients keep the information that both can communicate encrypted
- now all communication between both is done encrypted, doing the
encryption on the endpoints only so no vulnerable servers are involved

I'm not familiar enough with the XMPP protocol but I guess such an
encrypted message could be sent as plain, Base-64-encoded text too -
so no server side changes are necessary.

Key exchange via Bluetooth seems to be complicated but it ensures
there is no "Man In The Middle" since a face-to-face verification is
done.

Weak point in this idea: when somebody loses his phone with the
private key on it, it could be abused. Maybe a mechanism is required
that informs other users the key is no longer secure and a new
face-to-face key exchange has to be done.

Any thoughts on this idea?

Thanks

:-)
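
The scheme proposed in the message above, sketched as an added example that is not part of the original post and is not Gibberbot code. Assumptions: Node.js `crypto`, RSA-OAEP wrapping a per-message AES-256-GCM key (the post names no algorithms, and RSA alone cannot encrypt messages longer than its modulus), and hypothetical function names throughout.

```javascript
// Added illustration, not Gibberbot code; all function names are hypothetical.
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const WRAPPED_LEN = 256; // RSA output size for a 2048-bit modulus

// Each user generates a key pair on the device (2048 bits, as proposed).
function generateIdentity() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// SHA-256 over the DER-encoded public key: a value both users can compare
// in person after the exchange (assumption: the post does not describe this).
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Sender endpoint: a fresh AES-256-GCM key encrypts the text, RSA-OAEP wraps
// that key for the recipient. The result is Base64 text that fits in an
// ordinary message body, so the server only relays ciphertext.
function encryptFor(recipientPublicKey, plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrapped = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  // Layout: wrapped key | 12-byte IV | 16-byte GCM tag | ciphertext
  return Buffer.concat([wrapped, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Recipient endpoint: unwrap the AES key with the locally stored private key.
// Throws if the message was modified or was encrypted for a different key.
function decryptWith(privateKey, base64Text) {
  const raw = Buffer.from(base64Text, 'base64');
  const wrapped = raw.subarray(0, WRAPPED_LEN);
  const iv = raw.subarray(WRAPPED_LEN, WRAPPED_LEN + 12);
  const tag = raw.subarray(WRAPPED_LEN + 12, WRAPPED_LEN + 28);
  const body = raw.subarray(WRAPPED_LEN + 28);
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}
```

This sketch gives confidentiality and tamper detection only; it does not sign messages, so it does not by itself prove who sent them, and it does not address the lost-phone case raised in the message.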

