OMEMO Tracking

[mar-v-in]

This is a feature tracking issue for the OMEMO plug-in. Please report bugs as seperate issues.

• Encrypt/decrypt messages
  • Single user chat
  • Multi user chat (GSoC)
• Display own fingerprint as text in account settings
• Extended account OMEMO UI
  • Display own fingerprint as text
  • Copy own fingerprint to clipboard
  • Display own fingerprint as QR code (GSoC)
  • Display other devices' keys
  • Un-/trust other devices (GSoC)
  • Remove devices from own devicelist
• Contact OMEMO UI
  • Display devices' fingerprints as text
  • Un-/trust devices (GSoC)
• Colorize displayed fingerprints to allow easy comparison
• OMEMO Encrypted Jingle File Transfer (depends on Jingle File Transfers, current ProtoXEP)
• OMEMO Encrypted HTTP File Uploads (ProtoXEP missing)
• Option to disable Blind Trust (GSoC)
• Notify on new own devices (GSoC)

Only colorizing fingerprints can be problematic, better have more contrast than just color, maybe

• font-weight
• size
• brightness
• background
• spacing
• indicator icon
• ...

[mar-v-in]

@mray The idea is to colorize in 4 hex character chunks, similar to OpenKeychain and group 2 chunks together (so that there are 8 groups of 8 characters, which is how OMEMO fingerprints are displayed in Conversations)

Oh, Ok. I expected coloring like Gajim does:

The colorizing you have in mind works fine of course.

[NicoHood]

I guess image/file sharing is not implemented yet? I got an URL like this: aesgcm://share.conversations.im/<user>/<a lot of numbers and chars>

[NicoHood]

Can't I receive pictures because its not implemented or because my server does not support it? I think its the first one. Because people send me picture all over and I need to tell them that I cannot decode them because of my client :(

[mar-v-in]

If you receive links with aesgcm://, this is the non-standard way of conversations to share omemo-encrypted files via http file upload. This is not implemented in Dino yet, neither is Jingle file transfer (which the other client shouldn't even try to use, because support is not announced by Dino). You are able to receive unencrypted or openpgp-encrypted http file uploads though.

[NicoHood]

So this means I should open an issue at conversation bugtracker?
Thanks for the information. I will try to send it encrypted then, even though its not the best idea.

[NicoHood]

I am willing to donate 50€ to the project if OMEMO gets implemented completely. I wont open any bugbounty program to avoid any additional fees, more for you guys. We will get in touch once its done :)

Keep up the great work!

[rugk]

IMHO you should use this trust model by default as it is also used by Conversations. First "blind trust" and when they are verified (preferably via QR-code scanning), then disable "blind trust" and always show notifications. This is a reasonable trade-off of usability and security IMHO.

[tdemin]

@rugk how do you scan a QR code on a desktop computer?