Support Storing/Switching Identities.

[thebeline]

I would DEARLY like to be able to store an identity+configuration+contacts in an encrypted file that I can take with me and load on startup of the application, or switch to/from. Meaning my private key is not stored locally or in the clear. This would also provide some security if my computer we accessed by an adversary/friend/colleague.

[special]

See #33 about the encryption of private keys / configuration.

99 discusses ideas on how to use Ricochet from multiple machines, or synchronize between them. It sounds like your suggestion is a little more specific: to have a way to easily import/export the identity. Hmm.

It's worth noting that Ricochet can be used as a portable application for any platform. You could put the application and configuration on USB / cloud storage / ??? and move it between computers with no trouble.

[thebeline]

I think the ability to load and store identities and their associated contacts is pretty essential for this service to catch on.

For example, it would allow Ricochet to be packaged with Live CDs and Privacy Distros with no local storage. I understand the ability to store a standalone install on a USB key, but that seems unnecessarily insecure. If there were a discovered leak in the code, your contacts et all follow the now vulnerable install.

I do see how you can get to, and presumably save/transfer this information (config data, private keys, etc), but this requires that these files be in the install directory. What I am referring to more specifically is the ability to point Ricochet to an encrypted file, and have Ricochet use that data from there. Perhaps decryption of the contents to a ramdisk.

I only program PHP, so my knowledge of how most of this works with Ricochet and Tor is speculation, but it would seem that it would be possible to do something like this, maybe not easily, but not impossible.

Selecting a new package would shut down Tor, wipe the ramdisk, decrypt the new package to the ramdisk (asking for password, etc), and restart Tor.

To be clear, I am not talking about syncing message states, or history, or anything. Actually, none of that should be saved anyway.

I have not had a chance to use this yet to talk to others, but if there is a history function, or if it does not notify me if the public key of a previously contacted signature has changed, I will be sorely disappointed (consider those as suggestions, if either is not true).

[thebeline]

Ah, I read a little more on the linked thread about syncing. I guess if the messages remain encrypted, and cached messages to linked devices remain encrypted (and there is an option to disable this feature) it wouldn't be terrible.

Although, I do not even remotely love the idea that the application even has the code inside it to ferry off incoming messages to other devices. That seems incredibly insecure, but whatever.

[ggondim]

Just a way to regenerate the Ricochet address would be fine, also.

[jpt]

You could put the application and configuration on USB / cloud storage / ??? and move it between computers with no trouble.

Having a button to export that configuration would be useful, IMO. Better if the user doesn't need to know where config is stored. Would that include the address?