poljar / weechat-matrix

Weechat Matrix protocol script written in python

[Feature] cross-signing in weechat #188

Open BlackLotus opened 4 years ago

BlackLotus commented 4 years ago

Is cross-signing still planned for weechat-matrix? It was planned in #46, but the issue is closed without it being implemented yet. If it's planned I would like to open this issue as a placeholder for now. https://github.com/matrix-org/matrix-doc/blob/master/proposals/1756-cross-signing.md should be the documentation for the feature. Would be a nice feature to have.

rybaz commented 4 years ago

Would also like to see this. Having trouble not being able to decrypt others' messages and I think this may be the cause.

BlackLotus commented 4 years ago

If you just have problems decrypting messages you can export your keys from another device and import them using (you need to export them from riot first)

/olm import riot-keys.txt yoursecretpassword

This only makes sense if you want to decrypt previously undecrypted messages and you should start verification of your devices anyway using olm

matthijskooijman commented 4 years ago

Importing keys seems like a manual process that has to be repeated all the time, which does not seem like a really usable solution?

I've been reading https://blog.riot.im/e2e-encryption-by-default-cross-signing-is-here/, which suggests that cross-signing is the act of letting multiple devices logged into your account verify each other (cross-signing their keys), so that other users only need to verify one device and will automatically trust all other devices too. Is this the cross-signing that this issue refers to?

The blogpost also suggests that verifying a new device will also automatically give it access to all encryption keys, through the SSSS storage facility. I suppose that cross-signing helps here because then the new device can use its cross-signed key to authenticate to other devices and securely exchange keys. Is this also part of this issue? Or is this part already supported maybe?

> This only makes sense if you want to decrypt previously undecrypted messages and you should start verification of your devices anyway using olm

What do you mean here exactly? Isn't "verification of your devices" exactly what cross-signing is? If so, the existence of this issue suggests it is not supported yet?

Is there any documentation on setting up encryption in weechat-matrix? The README only refers to /help olm, but has no other info it seems?

poljar commented 4 years ago

SSSS is not supported, nor is cross signing.

At this stage it's unlikely that the python script will see support for those features.

You can of course cross sign Weechat with Riot, this will help other users trusting you but Weechat itself won't start magically trusting other cross signed devices.

Also, unless you're actively blocking untrusted devices from receiving messages, cross signing won't help with undecryptable messages; it's only a way to verify devices/users.

The UX of the /olm command sucks, there's already an issue which describes how to improve it, though it needs to be updated for cross signing. Again it's unlikely that this will change in the python script, the rust rewrite will tackle both of these issues.

rybaz commented 4 years ago

Seems like the current Python version is a non-starter, then. I'll look out for the Rust release.

AkechiShiro commented 2 years ago

Hey @poljar, is it worth it to try hard on working on this, or should I get started on working on the rust one? If I get started on the rust one, any pointers where I should work for cross-signing support?

poljar commented 2 years ago

The Rust one implements this, though the upstream crate we depend on had a lot of breaking changes which I have not had the chance to port over cleanly yet.

Relevant PR: https://github.com/poljar/weechat-matrix-rs/pull/56

AkechiShiro commented 2 years ago

Will be working all my might on helping you fix this ASAP @poljar, awesome work man, thanks! EDIT: Do you happen to know what is the crate that broke?