mikrosk
commented
8 years ago Figured it out from the source code.
Closed mikrosk closed 4 years ago
mikrosk
commented
8 years ago Figured it out from the source code.
eighthave
commented
8 years ago SMP does rely on an established OTR session. But once SMP is completed, then you have successfully verified the public key of the other side, and if you store that info, then it can be used without an established OTR session.
Excuse me if this isn't the correct place but documentation is sparse and I'm not sure whether this is a generic OTR question for the mailing list, feel free to point me to the right place then.
Is it possible to use otr4j's SMP purely as an authentication method? I.e. I would have a key pair which I use for other crypto tasks (say signing) and I'd like to offer the user an option to ask the other side a question with shared secret, i.e. proving that the other side's public key is safe to use. From a brief look into otr4j sources it would seem that the keypairs depend on the session id, i.e. as soon as the session is gone, so are the keys (I haven't understood when exactly the session id expires from the store, any hints welcome).