Open hmeyer opened 11 years ago
still… gpg would be a feature worth some effort. You don't allways have deniability, sometimes signed messages are a feature i want to trust that the other side stands to whatever was transmitted.
If you've verified an OTR key, then you get the same level of verification as you would from PGP.
It's unlikely we'll ever implement PGP into ChatSecure.
no, i don't. because after each line the chat partner sends me the key needed to sign that line, so i can never prove that he sent it. it could have been myself, faking my logs.
This is of course a feature, built in on purposse. it just doesn't fit the needs of every use case.
further: PGP-keys are already far better adopted and the chance that i know a public key of existing contacts is far better then the chance of me, knowing all OTR-keys for each of his clients.
because after each line the chat partner sends me the key needed to sign that line, so i can never prove that he sent it. it could have been myself, faking my logs.
In the moment you receive the message, you know you didn't fake it. But, yea, if you want verifiable logs after the fact, then OTR doesn't suffice.
I also think, GPG encryption is a must. You could use Openkeychain as a helper application like Conversations does. OTR isn't nice to use, especially when using multiple clients. Ok, the XEP-0280 extension is missing, so I cannot use multiple clients at same time.
Gibberbot is a Jabber-Client for Mobile Devices. Mobile Devices tend to have unstable network connections. As OTR needs a bidirectional communication between Alice and Bobs clients for initialization, OTR only works, when both Alice and Bob are online at the same time. GPG-Encryption would allow Alice to initiate a Chat, even if Bob is currently offline. Once the Bob is online he could receive Alice' message, even though Alice might be offline at that time. So - overall GPG might not feature as many security features as OTR, it still provides message secrecy and authentication. PLUS GPG is more robust in a mobile environment.
So my request is: Please incorporate GPG-Encryption into Gibberbot! I guess as Bob might have more than one key (depending on the XMPP ressource he is going to use) Alice should encrypt her message with all of Bobs keys, resulting in a slighty larger message.
Please let's discuss this.
I'd like to help implementing.