Bug #247

Do not overwrite local public key with our own remote public key

Added by devrandom over 5 years ago. Updated about 4 years ago.

Status:ClosedStart date:08/12/2012
Priority:HighDue date:
Assignee:devrandom% Done:

0%

Category:-
Target version:v12 - March Mantra
Component:OTR

Description

This can happen if chatting with another resource for our own account, in particular when testing multiple local accounts.


Related issues

Related to ChatSecure:Android - Bug #211: There isn't easy way to move fingerprints of OTR keys fro... Closed 07/17/2012

Associated revisions

Revision ba625aff
Added by devrandom over 4 years ago

Use full JID when storing public keys and fingerprints

Use full JID - with resource.

fixes #247

Also:
  • Clear connection status earlier in Service lifecycle
  • Keep multiple OTR session states, one per peer presence

Revision 0746c783
Added by n8fr8 over 4 years ago

Merge pull request #247 from n8fr8/emoji

Emoji

History

#1 Updated by devrandom over 5 years ago

There is a more general issue - the current keystore format supports only one key per XMPP address (). Consider switching to the Pidgin format.

#2 Updated by devrandom over 5 years ago

  • Target version changed from v10 - June Jaunts to v11 - January Judo

#3 Updated by n8fr8 almost 5 years ago

devrandom wrote:

There is a more general issue - the current keystore format supports only one key per XMPP address (). Consider switching to the Pidgin format.

wouldn't using the full address /z where z is the resource, solve this problem?

#4 Updated by n8fr8 almost 5 years ago

  • Target version changed from v11 - January Judo to v12 - March Mantra

#5 Updated by hans over 4 years ago

The problem is not the XMPP Resource so much as its not storing multiple public keys for a single XMPP ID. Adding the Resource only partially helps there. I think a much better solution would be to make Gibberbot use and store multiple public keys for a given XMPP ID and entirely ignore the Resource when it comes to OTR keys. This is basically what libotr does. And libotr does not use the Resource when checking whether a account/fingerprint are in the local fingerprint store.

The Gibberbot process for matching the current remote ID with the stored fingerprints should check against all stored matches, and not just assume there is one. Gibberbot should also be able to write out multiple fingerprints/public keys for a given account ID.

The way that Pidgin uses the Resource in the unique ID in OTR key store makes it much harder to manage when doing key syncing, and provides no benefit that I can see. When syncing public key info from other apps, OTRFileConverter has to lookup the Resource info from the Pidgin config files.

Adding the Resource to the Gibberbot format will entirely break the syncing of trusted public keys because OTRFileConverter currently has no way to query Gibberbot to see which Resource it should use for a given account.

#6 Updated by devrandom over 4 years ago

To clarify, there are two things that are not changing. The local pubkey/privkey pair is still stored with the bare JID (uppercase strings are generic placeholders below):

=...
=...

Also, the verification status is stored keyed on the fingerprint:

=true

What is changing is the storage of remote pubkeys and unverified fingerprints (/RES was added):

X@Y/RES.pubkey=...
X@Y/RES.fingerprint=...

However, these two items do not need to be synced - they are just used internally in GB.

The Gibberbot process for matching the current remote ID with the stored
fingerprints should check against all stored matches, and not just assume
there is one. Gibberbot should also be able to write out multiple
fingerprints/public keys for a given account ID.

I think this is already the case. As discussed on IRC, the only thing that's inconvenient is that it's hard to get from the existing format whether a fingerprint has been seen, if it hasn't been verified.

So I'm going to add:

=false

for all unverified but seen fingerprints.

#7 Updated by devrandom over 4 years ago

  • Status changed from New to In Progress

#8 Updated by devrandom over 4 years ago

  • Component set to OTR

#9 Updated by n8fr8 over 4 years ago

  • Status changed from In Progress to Resolved

#10 Updated by n8fr8 about 4 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF