New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't send encrypted OpenPGP messages to offline buddies #822

Open
cyberius0 opened this Issue Dec 30, 2014 · 9 comments

Comments

Projects
None yet
6 participants
@cyberius0

cyberius0 commented Dec 30, 2014

Hello,

I am not sure if this is intended or not:

I can only send unencrypted messaged to offline buddies. I know that with OTR it isn't OTR technically possible, but OpenPGP should make no problems.

So is this a bug?

If the Buddie is offline, but the server didn't recognize this yet and I send the PGP message, it arrives later. But if Conversations thinks the buddy is offline, it doesn't allow me to send the OpenPGP message (only unencrypted ones.)

Please change this behavior.

@cyberius0 cyberius0 changed the title from Can't send offline OpenPGP message to Can't send encrypted OpenPGP messages to offline buddies Dec 30, 2014

@cyberius0

This comment has been minimized.

Show comment
Hide comment
@cyberius0

cyberius0 Dec 30, 2014

OK after I restarted Conversations I now get the message "No OpenPGP Key found" [...] your contact is not announcing his or hers public key.

But I already have the public key in my OpenKeychain. Doesn't make a difference is the key is already cached or not in background.

cyberius0 commented Dec 30, 2014

OK after I restarted Conversations I now get the message "No OpenPGP Key found" [...] your contact is not announcing his or hers public key.

But I already have the public key in my OpenKeychain. Doesn't make a difference is the key is already cached or not in background.

@cyberius0

This comment has been minimized.

Show comment
Hide comment
@cyberius0

cyberius0 Dec 31, 2014

Hm, after a reboot of the mobilephone and my partner went online once, I can send offline PGP messages now. But somehow about 1/3 of all offline messages doesn't get to to my partners.
For those messages that were not delivered the green arrow is missing. So at least I know what messages weren't delivered.
All my partners are on the same server (prosody).

cyberius0 commented Dec 31, 2014

Hm, after a reboot of the mobilephone and my partner went online once, I can send offline PGP messages now. But somehow about 1/3 of all offline messages doesn't get to to my partners.
For those messages that were not delivered the green arrow is missing. So at least I know what messages weren't delivered.
All my partners are on the same server (prosody).

@DefyMiners

This comment has been minimized.

Show comment
Hide comment
@DefyMiners

DefyMiners Jan 7, 2015

Is public key associated with Base JID or Full JID? The latter includes a resource.

DefyMiners commented Jan 7, 2015

Is public key associated with Base JID or Full JID? The latter includes a resource.

@Draghtnod

This comment has been minimized.

Show comment
Hide comment
@Draghtnod

Draghtnod Jan 13, 2015

With OpenPGP the status (online/away/etc) announcements are signed. If Conversations (or any other OpenPGP enabled messenger) sees a signed announcement, the public key fingerprint is extracted and saved. You can see this fingerprint on your buddies info page. If you got that fingerprint and your OpenKeychain has a key for it, you can send encrypted messages, no matter if he is online or offline.

This whole process is quite bumpy. Sometimes the fingerprints get lost. Sometimes OpenKeychain doesn't respond or crashes. Sometimes the signed announcements are lost or sent unsigned because of a problem with OpenKeychain or the API. Sometimes your Conversation forgets that you already configured OpenPGP.
I have seen all of these problems myself but they are hard to reproduce. Most of the time it works tho.

The message loss you are seeing should have nothing to do with encryption. It's more a general problem.

Draghtnod commented Jan 13, 2015

With OpenPGP the status (online/away/etc) announcements are signed. If Conversations (or any other OpenPGP enabled messenger) sees a signed announcement, the public key fingerprint is extracted and saved. You can see this fingerprint on your buddies info page. If you got that fingerprint and your OpenKeychain has a key for it, you can send encrypted messages, no matter if he is online or offline.

This whole process is quite bumpy. Sometimes the fingerprints get lost. Sometimes OpenKeychain doesn't respond or crashes. Sometimes the signed announcements are lost or sent unsigned because of a problem with OpenKeychain or the API. Sometimes your Conversation forgets that you already configured OpenPGP.
I have seen all of these problems myself but they are hard to reproduce. Most of the time it works tho.

The message loss you are seeing should have nothing to do with encryption. It's more a general problem.

@cyberius0

This comment has been minimized.

Show comment
Hide comment
@cyberius0

cyberius0 Jan 14, 2015

Draghtnod: Thank you for your response and clarification!

So I am not alone. Yes, the PGP-key fingerprint sometimes gets lost (it isn't shown anymore on the "buddy-info" page) and then the buddy has to come online again so that the fingerprint reappears. I also can't tell how to reproduce yet...

Maybe there should be the possibility to manually enter the buddies PGP-fingerprint into Conversations if it gets lost?
For me OpenPGP currently is the best solution, because it allows offline messages.

The message loss you are seeing should have nothing to do with encryption. It's more a general problem.

As long as both buddies are online no messages disappear. But offline messages/one buddy going offline is really a problem. Sadly but true, other messengers like Whatsapp don't have any problems with disappearing messages.

cyberius0 commented Jan 14, 2015

Draghtnod: Thank you for your response and clarification!

So I am not alone. Yes, the PGP-key fingerprint sometimes gets lost (it isn't shown anymore on the "buddy-info" page) and then the buddy has to come online again so that the fingerprint reappears. I also can't tell how to reproduce yet...

Maybe there should be the possibility to manually enter the buddies PGP-fingerprint into Conversations if it gets lost?
For me OpenPGP currently is the best solution, because it allows offline messages.

The message loss you are seeing should have nothing to do with encryption. It's more a general problem.

As long as both buddies are online no messages disappear. But offline messages/one buddy going offline is really a problem. Sadly but true, other messengers like Whatsapp don't have any problems with disappearing messages.

@Draghtnod

This comment has been minimized.

Show comment
Hide comment
@Draghtnod

Draghtnod Jan 14, 2015

So I am not alone. Yes, the PGP-key fingerprint sometimes gets lost (it isn't shown anymore on the "buddy-info" page) and then the buddy has to come online again so that the fingerprint reappears. I also can't tell how to reproduce yet...

This should happen if either Conversation looses it's cache or your buddy sends an unsigned status update (maybe from another client). Maybe Conversations should store the fingerprints for the remote clients/resource, not the account, handle the status updates for each resource and automatically switch the encryption depending on the resource of the last sent message. That should help i think.

Maybe there should be the possibility to manually enter the buddies PGP-fingerprint into Conversations if it gets lost?

No i don't like that. Setting everything up is pain enough. Fingerprint management should all happen magically in the background. Like on other messengers as well.

For me OpenPGP currently is the best solution, because it allows offline messages.

It also supports message carbons and MUC. :)

But offline messages/one buddy going offline is really a problem. Sadly but true, other messengers like Whatsapp don't have any problems with disappearing messages.

I did not recognize lost messages if the buddy is really offline. I think that may be a setup problem of the server. Encrypted messages are quite long. Maybe it exceeds some character limit?
Whatsapp is based on XMPP too, but they tweaked the protocol and the servers to get things like these working. Getting it working with stock XMPP is a bit tricky, because it was not made for mobile devices, encryption and such..

Draghtnod commented Jan 14, 2015

So I am not alone. Yes, the PGP-key fingerprint sometimes gets lost (it isn't shown anymore on the "buddy-info" page) and then the buddy has to come online again so that the fingerprint reappears. I also can't tell how to reproduce yet...

This should happen if either Conversation looses it's cache or your buddy sends an unsigned status update (maybe from another client). Maybe Conversations should store the fingerprints for the remote clients/resource, not the account, handle the status updates for each resource and automatically switch the encryption depending on the resource of the last sent message. That should help i think.

Maybe there should be the possibility to manually enter the buddies PGP-fingerprint into Conversations if it gets lost?

No i don't like that. Setting everything up is pain enough. Fingerprint management should all happen magically in the background. Like on other messengers as well.

For me OpenPGP currently is the best solution, because it allows offline messages.

It also supports message carbons and MUC. :)

But offline messages/one buddy going offline is really a problem. Sadly but true, other messengers like Whatsapp don't have any problems with disappearing messages.

I did not recognize lost messages if the buddy is really offline. I think that may be a setup problem of the server. Encrypted messages are quite long. Maybe it exceeds some character limit?
Whatsapp is based on XMPP too, but they tweaked the protocol and the servers to get things like these working. Getting it working with stock XMPP is a bit tricky, because it was not made for mobile devices, encryption and such..

@chrm-software

This comment has been minimized.

Show comment
Hide comment
@chrm-software

chrm-software Feb 2, 2015

Hello!
First of all, Conversations is the real breakthrough in mobile XMPP communication - big thx to all devs.

Now to the point.
Its ok to use XEP-0027 the way it is designed: sign presence and encrypt message with the same key. But there are a lot of situations in everyday use of Conversations which stops encrypted conversations with "No OpenPGP Key found...".

It would be nice to have an alternative method of public key assigning - same way the most mail clients do: take the JID and search local keyring for this key. This should be the fall-back.

Of course, this behavior implies the problem of sending encrypted messages to a client which cannot decrypt this message. But from my point of view it is much better to send one unreadable message to much then sending one in plaintext.

Regards.

chrm-software commented Feb 2, 2015

Hello!
First of all, Conversations is the real breakthrough in mobile XMPP communication - big thx to all devs.

Now to the point.
Its ok to use XEP-0027 the way it is designed: sign presence and encrypt message with the same key. But there are a lot of situations in everyday use of Conversations which stops encrypted conversations with "No OpenPGP Key found...".

It would be nice to have an alternative method of public key assigning - same way the most mail clients do: take the JID and search local keyring for this key. This should be the fall-back.

Of course, this behavior implies the problem of sending encrypted messages to a client which cannot decrypt this message. But from my point of view it is much better to send one unreadable message to much then sending one in plaintext.

Regards.

@philler3000

This comment has been minimized.

Show comment
Hide comment
@philler3000

philler3000 Jun 14, 2015

hello,
we do use conversations in a group of 6 ppl since more than one year, and the "No OpenPGP Key found..." announcements really destroys every illusion of digitial domination. from my point of view, this is the common chatroom constellation, some ppl knowing each other wanna chat - encrypted, everyday - till everyone is dead. so what can we do?
any improvements in sight? where should i start?

br
philipp

philler3000 commented Jun 14, 2015

hello,
we do use conversations in a group of 6 ppl since more than one year, and the "No OpenPGP Key found..." announcements really destroys every illusion of digitial domination. from my point of view, this is the common chatroom constellation, some ppl knowing each other wanna chat - encrypted, everyday - till everyone is dead. so what can we do?
any improvements in sight? where should i start?

br
philipp

@iNPUTmice

This comment has been minimized.

Show comment
Hide comment
@iNPUTmice

iNPUTmice Jul 23, 2015

Member

I personally have stopped using PGP encryption a while ago. That means I can no longer eat my own dog food. And dogfooding generally is what makes Conversations such a great product. While I don't see an immediate reason to remove OpenPGP support from Conversations I think everyone would be better of if the PGP encryption part would be handled by someone who actually uses this on a daily basis.

So I'm calling out for someone to take over the responsibilities with OpenPGP. A first step would be to migrate to the new API version of openpgp-api. Later on you there are several open issues like:

#632
#711 (Decryption when in background) - Important one imho
#822
#957
#1013
#1299

If you are interested in that you would be given a lot of freedom in the architectural decisions.
Changing the way keys are discovered (JID lookup, instead of presence announcement) might also be an interesting step.

Member

iNPUTmice commented Jul 23, 2015

I personally have stopped using PGP encryption a while ago. That means I can no longer eat my own dog food. And dogfooding generally is what makes Conversations such a great product. While I don't see an immediate reason to remove OpenPGP support from Conversations I think everyone would be better of if the PGP encryption part would be handled by someone who actually uses this on a daily basis.

So I'm calling out for someone to take over the responsibilities with OpenPGP. A first step would be to migrate to the new API version of openpgp-api. Later on you there are several open issues like:

#632
#711 (Decryption when in background) - Important one imho
#822
#957
#1013
#1299

If you are interested in that you would be given a lot of freedom in the architectural decisions.
Changing the way keys are discovered (JID lookup, instead of presence announcement) might also be an interesting step.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment