deltachat / deltachat-android

Email-based instant messaging for Android.
GNU General Public License v3.0

Explain how to trigger a key exchange #293

Closed holgerjakobs closed 6 years ago

holgerjakobs commented 6 years ago

0.16

Expected behavior

When a contact deletes and reinstalls Delta chat, my app still has his old, now invalid key, so it doesn't decrypt his messages, which show as unencryptable messages in regular mail client.

Deleting the contact would probably lead to a new key exchange. But unfortunately, deleting a contact which is "in use" is disallowed.

How to trigger a new key exchange?

Please repair!

r10s commented 6 years ago

> Deleting the contact would probably lead to a new key exchange. But unfortunately, deleting a contact which is "in use" is disallowed.

yes, but keys are exchanged as well for existing contacts, so a deletion would not make things better.

> How to trigger a new key exchange?

the person who cannot read a message eg. because of a new device should send a message "hey i cannot read your message, please send again" - the answer should be readable and the keys will be exchanged.

testbird commented 6 years ago

> the person who cannot read a message eg. because of a new device should send a message "hey i cannot read your message, please send again"

Is the person who cannot read a message getting an error that explains this? Like, "If you already have a prior deltachat installation you should transfer your keys from the other installation using the export/import or transfer message function. (If you send messages to contacts without having imported the preexisting key (using the new key of this installation), the encrypted answers of your contacts won't be readable on your other, older installations (which have the preexisting key).)"

r10s commented 6 years ago

> Is the person who cannot read a message getting an error that explains this?

currently, there are no really clear advices, this could be improved.

testbird commented 6 years ago

Is there a current error message in the code to improve?

r10s commented 6 years ago

not yet, but i've just modified the code to have such an error message. the following text

The messsage was encrypted to a different setup.

Send any message to the contact to share your new
setup; eg. ask the contact to send the message again.

is currently shown in the message bubble if a message cannot be decrypted. Any suggestions and improvements welcome before we give this to the translators (@comradekingu :)

testbird commented 6 years ago

Is there another regular cause for this than a re-installation? It could be more sensible to advise the local user towards key transfer instead of asking (all) contacts (and them get accustomed) to re-sending messages to and with a new key.

There are messages that can not be read, because they were not encrypted for your 
current setup. This happens, for example, if you use a new installation without importing 
a preexisting setup.

You should now import the setup from your older installation to the newer installation. 
(Using the "setup message" feature in the older installation, or through key-file export 
and import.)

If you don't import a preexisting setup, you will automatically share your new setup when
writing to contacts. But your contacts would then need to re-verify your new setup. 
And you would then not be able to read the replies with your old setups anymore, 
because the replies will then be encrypted for the new setup.

testbird commented 6 years ago

I modified the text to also be shown whenever DC finds non-decryptable messages on the server (after installation), and not only when viewing a new message.

testbird commented 6 years ago

The setup wizard could also emphasize to import a preexisting setup, if one exists. But I can't find its text with the search function in the code.

testbird commented 6 years ago

Shorter, without any explanation and problem warning:

Found a messsage that was encrypted for a different setup.

Most likely you need to import a preexisting setup into a new
installation (e.g. through a "setup message").

(could not find the commit)

r10s commented 6 years ago

> Is there another regular cause for this than a re-installation?

might be that the sender used a key from a keyserver - either an old key or a key that was uploaded by another user.

testbird commented 6 years ago

Ok, new try:

A message for you was encrypted for a different setup.

If this was not by mistake of the sender, it is likely you have made a new 
installation and need to transfer the preexisting setup (e.g. through 
a "setup message").

r10s commented 6 years ago

As the text will be written directly into the mail body (the "bubble") i would prefer "this message" over "A message". Also, the Autocrypt Setup will only help if the recipient has really changed his setup. I think in many cases, it is a mistake of the sender and this should be fixed by asking him to send the message again. This "social" approach also works if the sender does not use Autocrypt.

Next iteration :)

This message was encrypted for another setup.

- to share your current setup, send any message to the
  contact, eg. ask the contact to send the message again.

- to import another setup, send an Autocrypt Setup Message
  from another device with the correct setup

testbird commented 6 years ago

> text will be written directly into the mail body

Makes sense then. I think it's ok, but listing the import as first option might save some hurried users from the annoyances that arise when changing setup.

This message was encrypted for another setup.

- The correct setup may be imported, eg. by sending an Autocrypt Setup Message
  from the correct device to this device.

- The current setup may be used instead, by sending a new message to the
  contact, eg. asking the contact to send the message again.

r10s commented 6 years ago

The term "correct" is difficult here - we do not really know (1) if the sender has encrypted to the wrong setup or (2) if the receiver has messed up his setup. In my experience (1) is far more frequent - eg. it is very easy in Enigmail to encrypt to the wrong key - or just do not add a key for a CC'ed recipient.

This message was encrypted for another setup.

- To share your current setup, send any message to the
  contact, eg. asking the contact to send the message again.

- If you have just changed your setup on another device,
  you may want to import it by sending an
  Autocrypt Setup Message from there.

What do you think?

EDIT: I changed the title, it took me ten minutes to find this issue by the old title :)

testbird commented 6 years ago

Yea, some basic explanation is needed. So I added some to the other option as well.

This message was encrypted for another setup.

- If you made a new installation and possibly see this error instead of multiple messages: 
You should import the older, preexisting setup, eg. by sending an Autocrypt Setup 
Message to yourself from your first device to the second, to be able to read all your 
messages on all your devices.

- If this is only a singular unreadable message, because a sender mistakenly didn't 
encrypt for your setup: You may use and share your current setup, by sending a new 
message to the contact, eg. asking the contact to send the message again.

Don't you think it would make sense to list the case first

r10s commented 6 years ago

> Don't you think it would make sense to list the case that happens with just DC-only users (no expert involved) first?

Not sure. I think a typical DC user has never used PGP before and uses only one device. These users may more likely be confronted with users that encrypt to an unknown key.

I like your explanations, however, maybe we can make it a little shorter:

This message was encrypted for another setup.

- If you made a new installation on another device:
  You can import that setup it by sending an Autocrypt Setup Message from there.

- The sender may mistakenly didn't encrypt for your setup:
  To share your current setup, send any message to the contact,
  eg. asking the contact to send the message again.

I dropped the hint regarding the number of messages - typically, when the user is confronted with the situation, there is only one message - more errors may follow, but the user cannot know.

I think we get closer :)

testbird commented 6 years ago

Yea, right the user may only see one at a time. Kept it shorter and with should vs may, hopefully clearing up the options, and removed typos.

> • If you made a new installation on another device: You can import that setup it by sending an Autocrypt Setup Message from there.

Changed this to keeping the old instead of sending from the new:

This message was encrypted for another setup.

- If you made a new installation:
  You should import your older, preexisting setup, 
  eg. send an Autocrypt Setup Message to yourself from your first device.

- If the sender may not have encrypted for your setup by mistake:
  You may use and share your current setup, by sending a new 
  message to the contact, eg. asking the contact to send the message again.

testbird commented 6 years ago

> typical DC user has never used PGP before and uses only one device.

OTOH it may also be relevant when typical users buy or switch to a new device.

r10s commented 6 years ago

This message was encrypted for another setup.

- If you made a new installation:
  You can use your preexisting setup eg. by sending an 
  Autocrypt Setup Message from your first device.

- The sender may mistakenly didn't encrypt for your setup:
  To share your current setup, send a new message to the contact,
  eg. asking the contact to send the message again.

Have not discussed so much about a single message :) however, i think it is worth the effort :)

r10s commented 6 years ago

"The sender may mistakenly didn't encrypt for your setup" - not sure about the grammar btw.

testbird commented 6 years ago

Yes, it's worth here, because good advice should make things "easy in the end",

EDIT: and avoid worse problems down the road, including puzzled and likely negative users.

I used "should vs. may", to avoid users stumbling into the problems of using two keys on different devices.

To keep the "advice flow" maybe the second point could start with "Otherwise, the sender may mistakenly not have encrypted for your setup". (I think it's "have".)

This message was encrypted for another setup.

- If you made a new installation:
  You should use your preexisting setup, eg. by sending an 
  Autocrypt Setup Message from your first device.

- Otherwise, the sender may have mistakenly not encrypted for your setup:
  Send a new message to the contact (automatically sharing your current setup) 
  and ask the contact to send the message again.

r10s commented 6 years ago

Great, we're getting really close.

This message was encrypted for another setup.

- If you made a new installation:
  You can use your preexisting setup, eg. by sending an 
  Autocrypt Setup Message from your first device.

- Otherwise, the sender may have mistakenly not encrypted for your setup:
  To share your current setup, send a new message to the contact
  and ask the contact to send the message again.

r10s commented 6 years ago

OTOH, your "Send a new message to the contact (automatically sharing your current setup)" is also fine as this makes the automatic sharing more clear. Probably it is even better.

Ampli-fier commented 6 years ago

I fear it is not so obvious, what is meant by "the setup".

r10s commented 6 years ago

@Ampli-fier This is Autocrypt-slang :) we do not want to speak about keys as this is even more abstract for unaware people. And Autocrypt-clients use eg. the term "Setup message", "Transfer Setup" and so on.

testbird commented 6 years ago

> (automatically sharing your current setup)

Ampli-fier is right, the use of setup in this variant is confusing. Setup should probably only refer to the private key part?

Edit: Oops, other version has the same problem.

"To share your current setup" => "To use your current setup"? Share may sound too much like a transmission (setup message).

testbird commented 6 years ago

This message was encrypted for another setup.

- If you made a new installation:
  You can import your preexisting setup, eg. by sending an 
  Autocrypt Setup Message from your first device.

- Otherwise, the sender may have mistakenly not encrypted for your setup:
  To keep using your current setup, just reply and
  ask the sender to send the message again.

r10s commented 6 years ago

i think "setup" in Autocrypt refers to both, private and public key plus additional options. but user more experienced with e-mail encryption may think of setup=privateKey

however, in any case, i think the term setup in "This message was encrypted for another setup" and in the first point is fine. It refers to the private key (plus belonging settings).

for the second point, i am unsure. in fact, if you think of setup=privateKey, it may look confusing if you share the setup=privateKey to another user.

@testbird you were faster:) looks good, but lacks the information about that sth. is "automatically shared" - but maybe we can leave this technical detail out. it's complicated to explain.

testbird commented 6 years ago

Editing overlapped. Ok, we might just be there, then. :)

r10s commented 6 years ago

yes, your last text looks good to me, if @Ampli-fier does not have additional remarks, i will change it in the code and give it to the translators then.

testbird commented 6 years ago

Should it be more clear that this is an error message? Reading error: ...?

r10s commented 6 years ago

> Should it be more clear that this is an error message? Reading error: ...?

No, i think, this is clear enough.

testbird commented 6 years ago

:+1: Good, never actually saw such a generated message yet.

r10s commented 6 years ago

looks like the following:

screenshot_1523901554

The part "Chat: Encrypted Message" will be replaced by the real subject, if unencrypted.

I think this is far better than the old text that would just read "Chat: Encrypted Message - Encrypted Message" in this example :)

r10s commented 6 years ago

To make it more clear that the message is not written in this way by the sender, we put the string (without the subject) in "Editorial brackets" [these ones] as already used for the ellipses [...] , see https://github.com/deltachat/deltachat-core/commit/fe126f96284f14b83c1b76d8246f1cb97289edd7

Ampli-fier commented 6 years ago

Is there anything that can be known by DC to limit the number of root causes?

If I made a new installation, it must not mean that I still have an old "setup" that makes it possible to use Autocrypt transfer ...

This is my proposal for the "bubble text":

Chat: Encrypted message - [This message can not be decrypted]

Ji-eF commented 6 years ago

I would like to add the assumption that most of your future user base will not be aware of Delta encrypting feature. Not even aware of encrypting stuff at all, let alone key exchange. Put simply : in the mind of many people (starting with my brother, my sister, my mother, ...) "Delta Chat is a chatting software, what this message is babbling about?"

r10s commented 6 years ago

@Ampli-fier at least currently, we cannot limit the number of root causes without additional effort. i fear, a 100% correct error issue isn't possible at all. Thinking it over again, the case another user caused the error is more likely.

@Ji-eF thank you for pointing this out again - it's true - the "normal", future delta chat user might not know that he is even encrypting.

@Ampli-fier I like the simple, non-technical speech in your suggestion, seems to be much clearer to me. And yes - we can add a link, however, it will be printed "raw", sth like:

Encrypted Message - [This message cannot be decrypted.

 - It might already help to simply reply to this message and ask the
   sender to send the message again.

- In case you re-installed Delta Chat on this or another device you
   may want to transfer your setup, see https://delta.chat/en/help#encryption ]

The link will be clickable then and may be localized.
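On the question above of what a client can know about the cause: the recipient key IDs carried in the message are the one thing it can read without decrypting, and they separate "no local key matches" from other failures, though not whose mistake it was. The sketch below is an added example, not Delta Chat code; the function names, result labels and sample key IDs are constructed for illustration, and the input is assumed to be a binary (already de-armored) OpenPGP message as described in RFC 4880.

```python
WILDCARD = bytes(8)  # all-zero key ID: recipient deliberately hidden (RFC 4880, 5.1)

def recipient_key_ids(data: bytes) -> list:
    """Key IDs from the leading PKESK (tag 1) packets; stops at the first other packet."""
    ids, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        new_format = bool(hdr & 0x40)
        tag = hdr & 0x3F if new_format else (hdr >> 2) & 0x0F
        if tag != 1:
            break  # encrypted data follows; no need to parse its (possibly partial) length
        i += 1
        if new_format:
            first = data[i]; i += 1
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + data[i] + 192; i += 1
            elif first == 255:
                length = int.from_bytes(data[i:i + 4], "big"); i += 4
            else:
                raise ValueError("partial body length is unexpected for a PKESK packet")
        else:
            n = {0: 1, 1: 2, 2: 4}.get(hdr & 0x03)
            if n is None:
                raise ValueError("indeterminate length is not handled in this sketch")
            length = int.from_bytes(data[i:i + n], "big"); i += n
        body = data[i:i + length]
        if len(body) != length or length < 10:
            raise ValueError("truncated PKESK packet")
        if body[0] == 3:  # version 3 PKESK: 8-byte key ID, then algorithm, then session key
            ids.append(body[1:9])
        i += length
    return ids

def classify(data: bytes, local_key_ids: set) -> str:
    """local_key_ids: key IDs of the local secret encryption (sub)keys."""
    ids = recipient_key_ids(data)
    if not ids:
        return "no-pkesk"            # not public-key encrypted at all
    if any(k in local_key_ids for k in ids):
        return "key-present"         # a failure here has some other cause
    if WILDCARD in ids:
        return "hidden-recipient"    # must try every secret key before giving up
    return "another-setup"           # the case the bubble text in this thread describes

# --- constructed sample data (not real keys or messages) ---
OLD_KEY = bytes.fromhex("1111111111111111")   # key of the previous installation
NEW_KEY = bytes.fromhex("2222222222222222")   # key of the current installation
SEIPD = bytes([0xD2, 0x03, 0x01, 0xAA, 0xBB]) # stand-in for the encrypted data packet

def pkesk_packet(key_id: bytes, old_format: bool = True) -> bytes:
    body = b"\x03" + key_id + b"\x01" + b"\x00\x08\xff"  # version, key ID, RSA, dummy MPI
    if old_format:
        return bytes([0x85]) + len(body).to_bytes(2, "big") + body
    return bytes([0xC1, len(body)]) + body

if __name__ == "__main__":
    print(classify(pkesk_packet(OLD_KEY) + SEIPD, {NEW_KEY}))
```
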

testbird commented 6 years ago

> • It might already help

And, unfortunately, it might also make your contacts use different keys and get things out of order... Thus, probably better to mention importing the setup and directly mention solutions. (Helpful advice is not puzzling. A link is still good.)

(It might sound easy to those that know DC, but might not let a user know what precisely best to do, in that moment.)

testbird commented 6 years ago

The part "by sending an Autocrypt Setup Message" could possibly be replaced by the actual menu steps like "through Configuration -> Send Setup Message" (or wherever that function is available).

testbird commented 6 years ago

> If I made a new installation, it must not mean that I still have an old "setup" that makes it possible to use Autocrypt transfer ...

Right. Slightly adapted:

This message was not encrypted for your current Delta Chat (autocrypt) setup.

- If you were using another installation before, that is still available:
  You can import the setup, and usually should, eg. by going to 
  "Configuration -> Send Setup Message" at your first device.

- Otherwise, and if the sender may not have encrypted for your setup by mistake:
  Keep using your current setup, by replying and
  asking the sender to verify and send the message again.

testbird commented 6 years ago

> most of your future user base will not be aware of Delta encrypting feature.

Yes, that's why this message is rather crucial. It can be the first contact with this feature, and the single chance to shine and explain.

Ampli-fier commented 6 years ago

@testbird The average user has no idea, what Setup could mean. The user went to Google Play Store, installed DC and uses the app.

testbird commented 6 years ago

Sure, the user does not have to know every detail about the server, pgp, db setup etc., but the first thing the app is used for, if I am not mistaken, seems to be: The user configures the email setup.

Thus "setup" seems to be a useful, basic word with a common meaning, nothing special. Of course the configuration in DC could make sure to also actually use the word "setup", if it is not already used, to make it better recognizable when referring to it in the error message advice.

testbird commented 6 years ago

What about: This message was encrypted for another Delta Chat (autocrypt) setup.

May that improve it in your sense, Ampli-fier?

Edit: made the adaptions in the last version above

r10s commented 6 years ago

@testbird

> It might already help
>
> And, unfortunately, it might also make your contacts use different keys and get things out of order...

worst case: if the receiver decides to import his new setup after sending a message to the contact (because he did not read the full message ...), this message will pop up again and he can "repair" the keys by sending a key again. in the majority of cases, the user will see the message when he has not changed his setup and the message will fix the problem immediately.

> Thus, probably better to mention importing the setup and directly mention solutions. (Helpful advice is not puzzling. A link is still good.)

The other device may be a non-delta-client, so instruction will probably get too long, I think @Ampli-fier suggestion (https://github.com/deltachat/deltachat-android/issues/293#issuecomment-381742870) is still fine.

r10s commented 6 years ago

this is what the message looks like in delta then; btw. maybe a direct link is not a good idea as this may make it easier for phishers to trick users that have learned to click on links in messages that cannot be encrypted ... maybe we should just write "see 'Help' for details".

btw. it's not necessarily a re-installation of Delta Chat causing the problem in the second point - it may also be Thunderbird, K-9 or others. so maybe "In case you re-installed Delta Chat or another E-Mail-Program on this or another device ..."

screenshot_1523963827

r10s commented 6 years ago

update: i also removed the hint to the help - the help should be opened on the newly installed device / E-Mail-Program, so I think the user should search for help there. Added a hint to the Autocrypt Setup Message instead, more experienced users will know what other pgp-alternatives they have, i think.

screenshot_1523965093

testbird commented 6 years ago

> Encrypted Message - [This message cannot be decrypted.

Should users get accustomed to re-send messages to new keys upon requests?

So what is the average user supposed to do after reading this? The user notices this was not a meaningful message, rather a reference blob. Go read the doc? Learn what applies and decide between options? I think this message doesn't yet help the user as much as it should.


> help should be opened on the newly installed device / E-Mail-Program, so I think the user should search for help there.

1) Why on the newly installed device? I was thinking the user usually sees above message on the new device, for new incoming messages. And only if the user sends a message from a new install (wasn't advised to, or against the advice to, transfer the setup during the install), and the message was replied to, the message might be seen on the older install. 2) Doesn't the setup message have to be sent from the device that was first installed (and used)?


> btw. it's not necessarily a re-installation of Delta Chat causing the problem in the second point - it may also be Thunderbird, K-9 or others. so maybe "In case you re-installed Delta Chat or another E-Mail-Program on this or another device ..."

Right, it might be some other autocrypt install. Thanks for thinking and testing the message for all these different cases.

This message was not encrypted for your current (Delta Chat) autocrypt setup.

- If you have been using another installation before (and it is still available):
  You can transfer the setup, and usually should, eg. (in Delta Chat) by going to 
  "Configuration -> Email Account Setup -> Send Autocrypt Setup Message" 
  on the device that you installed first.

- Otherwise (and if the sender may not have encrypted for your setup, by mistake):
  Keep using your current setup, by replying and
  asking the sender to verify and send the message again.

The "and if the sender may not have encrypted for your setup by mistake" isn't strictly needed, but provides a hint that the sender might have to fix something.

testbird commented 6 years ago

> I think this message doesn't yet help the user as much as it should.

A specific risk of the seemingly easy "just reply" advice would be to lead to a very frustrating ping-pong effect, or not? Therefore my emphasizing of proper advice to import during install (setup wizard) and on error (the message at hand).