private key exchange not executed on when receiving messages on fresh set of keys
Obeyed opened this issue · 6 comments
When a new set of encryption keys are created (e.g. when a new .yowsup folder is used) no one can send messages without having an up to date set of keys. The messages will appear as received and read, but the following error will continue to occur, until the yowsup registered number sends a message, which activates an exchange of the new set of keys.
WARNING:yowsup.layers.axolotl.layer_receive:No session for xxxxx, getting their keys now
ERROR:yowsup.layers.axolotl.layer_receive:InvalidMessageException No valid sessionsBad Mac!
The exception is caught in https://github.com/AragurDEV/yowsup/blob/master/yowsup/layers/axolotl/layer_receive.py#L92
and the final exception received in my code is:
value is none for attr t
https://github.com/AragurDEV/yowsup/blob/master/yowsup/layers/axolotl/layer_receive.py#L94
i missed to remove debug code
not sure what you mean. should that line be removed? 🤔
is the exception raised as expected, or can we handle this in some way?
The exception is raised due to a key mismatch.
Because yowsup has cached it keys in the ~/.yowsup direcotory
That makes sense. Should we attempt to get/exchange fresh keys? Doew anyone know of a way to do this properly?
That would be a huge security issue.
Just use everytime the same user and verify that your database is fine.
I might be thinking about this in a wrong way. There shouldn't be a security risk anywhere. Not sure what method whatsapp uses to exchange keys (Diffie–Hellman maybe?), but some form of consus is reached every time prior to a new conversation.
It doesn't make sense, that a yowsup user must initiate a conversation for keys to match? There must be a way to say, I have a fresh key now. Some form of key exchange happens when a yowsup user starts a conversation with someone else.
Might look into this in the future. Don't have time at the moment.