redsolution / xabber-android

Open-source XMPP client for Android
http://xabber.com

OpenPGP support #33

Open a-iv opened 11 years ago

a-iv commented 11 years ago

http://xmpp.org/extensions/xep-0027.html

tbeitter commented 11 years ago

sorry for the dup...

there is apg (http://thialfihar.org/projects/apg/) as an openpgp provider for android. maybe this one could be used to give xabber gnupg-like pgp support. (it works fine with k9 mail)

Natureshadow commented 11 years ago

"works fine" as in "spawns a new intent, auto-pastes text, lets you sign/encrypt it, gives it back to app" or as in "automagically integrates into the workflow of the calling app"?

The first is the last I saw of APG, and it is not very helpful for a live chat session.

joeyh of Branchable / git-annex managed to extract the GnuPG port from Terminal IDE for use in his own app, maybe this is what should be done.

tbeitter commented 11 years ago

you're right, but for mail this is "usable". thanks for the hint.

jplitza commented 10 years ago

There has been a fork of APG called OpenKeychain that implemented a more appropriate API that can be used silently. It has been merged back into APG as well.

OTOH, XEP 0027 has been obsoleted by the XMPP Council in its 2014-04-12 meeting because it's massively flawed (only encryption, no signing, no replay-attack protection), see XMPP E2E Security.

You might want to reconsider its implementation.

SafwatHalaby commented 10 years ago

Just a note: PGP's advantage over OTR is the fact that you can send an encrypted message to an offline peer. OTR's advantage is plausible de... who cares, I want to send encrypted messages to my offline peers.

jplitza commented 10 years ago

Well you are absolutely right, OTR (and all other protocols supporting perfect forward security and stuff) lack support for offline messages and multiple resources by design, as I documented in the wiki page linked in my last comment.

But XEP-0027 is a nightmare, not even supporting signing of messages or defense against replay attacks. These are real weaknesses in my opinion, not like lack of plausible deniability. Furthermore it's not very integrated into XMPP.

The XMPP council seemed to be open for new PGP-based methods of encryption, but they have to be designed and standardized before they can be widely implemented.

SafwatHalaby commented 10 years ago

I wasn't aware of that. Thanks. Any reference to any new PGP-based proposal?

jplitza commented 10 years ago

That's the point: There is none as of yet. It would have to be designed and standardized, but nobody started doing that as far as I know (but that isn't very far I'm afraid).

sbriskin commented 10 years ago

OpenKeychain's API works much better than a year ago. The latest build of K-9 Mail works with OpenKeychain as well as APG. Some early-stage integration has been made for the Conversations XMPP client - not stable yet, but it's a good beginning.

Every day I use GnuPG on my computer and notebook for encrypted Jabber conversations. But I can't do the same thing on mobile or tablet without a copy-paste routine. I'm not the only one who asks for it. So, please, give us hope of seeing OpenPGP encryption.

SafwatHalaby commented 10 years ago

A related article: http://wiki.xmpp.org/web/XMPP_E2E_Security

jelmer commented 9 years ago

FWIW Conversations (https://play.google.com/store/apps/details?id=eu.siacs.conversations&hl=en) implements PGP through OpenKeychain and that's working very well.

mrmaxg commented 9 years ago

Unsure if I should post my question here but I guess it's relevant.

When I paste my PGP public key and send it over Xabber, the format is lost. Then on the other end, when it is copied to the clipboard and an import is tried, it says invalid key.

So the question is: how can I ask Xabber to keep my message format?

Thanks

sbriskin commented 9 years ago

mrmaxg, why don't you put your key on the keyserver and send only the public key ID? Just try http://keyserver.ubuntu.com/ or https://sks-keyservers.net/i/ (my key is 0x321c8a74793dff6e). Another way is to put your key here on GitHub as a gist and send only a link to it. This does not solve the problem of message formatting in Xabber, but will help you share your key.

mrmaxg commented 9 years ago

Reply appreciated. I am aware there are several ways to share my key. Stopping Xabber from formatting my message is what I need, though, rather than a workaround. The XMPP server I use supports sending emails from my Xabber by adding the contact as someone%gmail.com@myserver.com. I simply want to paste the key in the text box and send. Thanks
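For the receiving side of the exchange above, an added example (not part of the thread and not Xabber code): a Python sketch that rebuilds an ASCII-armored block whose line breaks were lost in transit and accepts it only if the armor's CRC-24 line matches. It assumes the damage is limited to line breaks turned into spaces or dropped, and that the sender's armor carries a checksum line; `repair_armor` and `crc24` are names made up for this example.

```python
import base64
import re

ARMOR_RE = re.compile(r"-----BEGIN (PGP [A-Z ]+)-----(.*?)-----END \1-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def repair_armor(text: str) -> str:
    """Rebuild an armored block whose line breaks became spaces or vanished.
    Raises ValueError if no block is found or nothing matches the CRC-24."""
    m = ARMOR_RE.search(text)
    if not m:
        raise ValueError("no OpenPGP armor block found")
    label, tokens = m.group(1), m.group(2).split()
    # Armor headers ("Version: ...") are outside the checksum, so drop leading
    # tokens until what remains decodes as base64 and matches the CRC-24.
    for start in range(len(tokens)):
        joined = "".join(tokens[start:])
        body, check = joined[:-5], joined[-5:]
        if not body or not check.startswith("="):
            continue
        try:
            data = base64.b64decode(body, validate=True)
            want = int.from_bytes(base64.b64decode(check[1:], validate=True), "big")
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if crc24(data) == want:
            lines = [body[i:i + 64] for i in range(0, len(body), 64)]
            return "\n".join([f"-----BEGIN {label}-----", "", *lines, check,
                              f"-----END {label}-----", ""])
    raise ValueError("body does not match its CRC-24; block is damaged")

if __name__ == "__main__":
    # Constructed sample: 100 arbitrary bytes, not a real key.
    raw = bytes(range(100))
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    flat = ("-----BEGIN PGP PUBLIC KEY BLOCK----- Version: Constructed v1 "
            f"{base64.b64encode(raw).decode()} ={crc} -----END PGP PUBLIC KEY BLOCK-----")
    print(repair_armor(flat))
```

The CRC-24 only detects transport damage; whether the repaired key belongs to the sender still has to be checked by comparing fingerprints over another channel.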

adithyaphilip commented 8 years ago

Just thought I'd mention it here - there's a new XEP proposed for PGP at http://geekplace.eu/xeps/xep-openpgp/xep-openpgp.html, authored by @dschuermann, @valodim and @flowdalic. It's currently being implemented for Conversations, and I'd be happy to implement it for Xabber too. We're using OpenKeychain as our API provider.

falsechicken commented 8 years ago

I would love to see this feature. I prefer Xabber over Conversations but have to use Conversations for its GPG support.