OMEMO feature tracker

[jubalh]

Original issue requesting OMEMO support: https://github.com/boothj5/profanity/issues/658 General OMEMO support was implemented in https://github.com/boothj5/profanity/pull/1039

Some features are missing. This tracker bug is there to give an overview of what we have and what we are working on.

• [x] General OMEMO support https://github.com/boothj5/profanity/pull/1039

• [x] OMEMO policy https://github.com/boothj5/profanity/pull/1062

• [x] filter fingerprints that we autocomple https://github.com/boothj5/profanity/issues/1068

• [x] /omemo trust [tab]... in a 1:1 chatwindow should only cycle through partners fingerprints. currently cycles through all fingerprints https://github.com/boothj5/profanity/issues/1068

• [x] autocompletion for untrust command https://github.com/profanity-im/profanity/pull/1576

• [x] Handle error with publish-option for device_list https://github.com/profanity-im/profanity/issues/1552 https://github.com/profanity-im/profanity/pull/1591

• [x] Send files encrypted proto xep xep-0396 https://github.com/profanity-im/profanity/issues/1262

• [x] OMEMO encryption for MUC PM (OMEMO MUCs are not anonymous, so we should start a regular 1:1 in this case instead of MUC PM. A discussion started to make this a general feature https://github.com/profanity-im/profanity/issues/1531)

• [x] OMEMO MUC should encrypt to all jid present in affiliation. Not only those currently connected. https://github.com/profanity-im/profanity/pull/1242

• [x] Messages are not decrypted unless we trust the sending key. We should probably decrypt everything but mark it. https://github.com/profanity-im/profanity/issues/1122

• [x] Update website with OMEMO usage docu https://github.com/boothj5/profanity/issues/1048

[kaffeekanne]

Even if it might not be implemented i would add trusting without mutual roster entry/subscription. Background: You would not want to cludder up your roster with every aquaintance of a greater MUC, although you share common interes/goal that leads you to taking part in a E2EE MUC.

Since MUCs need to be non anonymous you get the JID of the MUC participants anyway and could manage the keys the way it is done already.

[paulfariello]

@kaffekanne this issue should have been solved when I added support for publish-option in device list and bundle. Can you test it?

[kaffeekanne]

Do you have a branch or PR for it already?

[moppman]

Is there a way to trust your account's own fingerprints from other clients you use? Right now, omemo messages are only encrypted for profanity and the chat partner, but not for my other clients. If I try /omemo fingerprint in the main window, my account's fingerprints are listed. However, I can't trust them with /omemo trust <fingerprint>. profanity.log says: prof: ERR: OMEMO: cannot encrypt key for my@account device id <id> for all my other devices.

[wstrm]

@moppman Have you tried by specifying your JID? Like:

/omemo trust me@example.com <fingerprint>

[moppman]

@optmzr Yes, that seemed to work, thank you! Now my other clients can decrypt messages sent by profanity. However, profanity still does not display omemo messages sent by my other clients (not even the "placeholder" message body that Dino or Converse send as fallback like "omemo message could not be decrypted")

[paulfariello]

hi @moppman did you enabled carbons with /carbons on?

[moppman]

hi @paulfariello I wasn't aware that I had to enable carbons explicitely, thanks for you quick help! Now profanity displays the carboned messages sent by Dino and Converse, however, they don't get decrypted by profanity. Log: prof: WRN: Carbon received with no message. prof: ERR: OMEMO: cannot decrypt message: Checksum error for Converse carbons and prof: WRN: Carbon received with no message. prof: ERR: OMEMO: invalid key length for Dino carbons.

[paulfariello]

Could you open a dedicated issue for that?

[moppman]

1107

[kaffeekanne]

To improve omemo i would suggest /omemo fingerprint placed in a muc window showing all fingerprints of the MUC participants. This way one could see missing trusts. At the moment i would have to cycle through 1:1 chats with every participant. Also /omemo [trust|untrust] ... should work in MUCs.

[quite]

s/not all key trusted/& #1185/

[jubalh]

OMEMO 0.4: https://github.com/xsf/xeps/pull/903

[Neustradamus]

There is now a 0.4.0+ which break all:

• https://xmpp.org/extensions/xep-0384.html
• http://www.aptest.com/standards/htmldiff/htmldiff.pl?oldfile=https://xmpp.org/extensions/attic/xep-0384-0.6.0.html&newfile=https://xmpp.org/extensions/attic/xep-0384-0.7.0.html
• http://www.aptest.com/standards/htmldiff/htmldiff.pl?oldfile=https://xmpp.org/extensions/attic/xep-0384-0.5.0.html&newfile=https://xmpp.org/extensions/attic/xep-0384-0.6.0.html
• http://www.aptest.com/standards/htmldiff/htmldiff.pl?oldfile=https://xmpp.org/extensions/attic/xep-0384-0.4.0.html&newfile=https://xmpp.org/extensions/attic/xep-0384-0.5.0.html
• http://www.aptest.com/standards/htmldiff/htmldiff.pl?oldfile=https://xmpp.org/extensions/attic/xep-0384-0.3.0.html&newfile=https://xmpp.org/extensions/attic/xep-0384-0.4.0.html

[kaffeekanne]

Sending files is solved, i guess. Also i suggest a new entry on this list: "Improve first time setup". The way it is now (in console window):

/omemo gen
/omemo fingerprint
/omemo trust <own-jid> <fingerprint>
/omemo trust <own-...

Especially the trusting without completion of jid and fingerprints is very cumbersome. Starting a chat with oneself unfortunately does not bring completion as it does for other chat partners.

[DebXWoody]

The last weeks I did some improvements for OMEMO, The debug logging has been improved to see whats going on.

I was able to provide the following patches:

• OMEMO - Unable to publish own device list #1548
• Restart OMEMO Session after lost connection #1549
• OMEMO: Separate handling of device list #1553

It seems there is still an issue with MAM. When I open a chat window, I get You received a message encrypted with OMEMO but your client doesn't support OMEMO. The message itself has been stored in chatlog.db with omemo flag. From database point of view it looks fine.

Before I start to take a look into the MAM issue, I would like check what we should do with #1544.

[jubalh]

It seems there is still an issue with MAM. When I open a chat window, I get You received a message encrypted with OMEMO but your client doesn't support OMEMO. The message itself has been stored in chatlog.db with omemo flag. From database point of view it looks fine.

There is no MAM issue :) We just send a new MAM request and display what we get. We add it to the DB (once) but don't retrieve from there yet.

MAM is just not finished (many things need to be done there).

[jubalh]

OMEMO support is done since some time.

[jubalh]

To support new OMEMO we will need https://github.com/dino/libomemo-c instead of libsignal-c. openSUSE package exists already. Other distros will probably follow. Next version of Dino will also depend on it.