psi-im/plugins

[Plugin Request] OMEMO

Closed this issue · 60 comments

A plugin that adds support for OMEMO encryption.

https://conversations.im/omemo/
https://github.com/omemo

👍

I am contemplating about GitHub having a voting system, similarly to GitLab. Thank you, @rapgro, for the 👍 vote and, in case you didn't know, for getting me into Jabber.

raid1 commented

I'd like to add even multiple 👍 's
psi is really great but it does not play well with "conversations" on android.

Ri0n commented

You know encryption is illegal in Russia, so I'm out of business.
Any pull request?

raid1 commented

Oops, sorry to hear that.

> You know encryption is illegal in Russia

this is not true

Ri0n commented

That's true.
Basically two points:

  1. Service provider MUST keep chat logs
  2. The logs MUST be either unencrypted or deciphered by request (read: unencrypted anyway)

This makes OMEMO useless in Russia

Ri0n commented

We can use TLS encryption with the same success here.

OpenA commented

Well, well, what do we have here?
A laboratory producing illegal encryption tools, and at the same time a den for peddling them?

Citizen, you are under arrest.
Come along.

> Service provider MUST keep chat logs

That's problem of service provider

> The logs MUST be either unencrypted or deciphered by request (read: unencrypted anyway)

That's not responsibility of user. That's what service provider has to do.

And that's why omemo IS useful. There's no point in encrypting data, if nobody's gonna intercept it.

Why do you support Off-The-Record?
(So I still have to use gajim 😄 )

Ri0n commented

OTR was implemented before these weird laws.
But basically I agree while instant messaging servers/operators do not ban us for encryption we can implement and use omemo.

OMEMO would be really useful since OTR is close to useless with multi-sessions.

Mic92 commented

@Ri0n would it be legal as a Russian user to choose a provider in a free country like mine and using OMEMO there?

Ri0n commented

Well yes and no. From government point of view if Russians use foreign services then these foreign services should keep their user database on territory of Russian Federation. At least for Russian users.
And then we have all the laws =)

Actually this makes little sense for end user since it's a problem of service provider, not user. So it's fine to implement and use it. And if the government bans such a service provider for such illegal activity like not keeping unencrypted chat history, well that's the destiny =)

@Ri0n

> From government point of view if Russians use foreign services then these foreign services should keep their user database on territory of Russian Federation

That's not really so. Services must keep only users' personal information (real name, address, credit card info, social security number and other info, which identifies user's person) on russian territory.

Ri0n commented

Ok. it's fine without using VCards :-D

@Ri0n How about deletion of messages unrelated to a topic?

@GreenLunar , @Neustradamus Have you seen any self-contained C or C++ library with OMEMO encryption support? (Like libotr for OTR.)

Moarc commented

Hi,
Sorry for butting in when you explicitly asked GreenLunar and Neustradamus, but the Pidgin plugin (not Lurch) seems to use libsignal-protocol-c.

There is also libolm:

> An implementation of the Double Ratchet cryptographic ratchet, written in C and C++11 and exposed as a C API.

I found libomemo. It looks raw, but this is better than nothing.

msva commented

I offer $1000 bounty for OMEMO encryption support in Psi+. This should be implemented either directly in a code or as a plugin, and should be fully compatible with the specification and with existing implementations. It should work with multiple connections on one account (multiple resources).

I have a prototype. It's functional, but still far from being done. Hopefully, I'll have something to publish in a few weeks. In the meantime, here is a short teaser.

AFAIK Wime (a fork of Psi+) has OMEMO support. It could be ported from there.

Nope, they have only OTR.

@stigger Wime indeed has OMEMO plugin, but I can't find its source code. There's libomemoplugin in the binary bundle.

Seems they stopped to update their source code on bitbucket. I'll request a fresh one.
https://bitbucket.org/whoernet/wime/issues/10/repository-is-not-up-to-date

stigger@7b7ec5d

The protocol itself should be fully supported, but there is no UI implemented and it blindly trusts all devices, so not suitable for sensitive communication yet! But it would be great if while I'm working on that, someone could take a look and report possible issues, e.g. compatibility problems with other clients.

Requires psi-im/psi#341 & psi-im/iris#52.

Good job!
Is it compatible with current GPLv2 license of Psi? I heard there are license problems with official Signal implementation.
https://github.com/anurodhp/Monal/issues/9#issuecomment-208063040

The referenced comment is about publishing an app that uses libsignal on Apple's App Store, which is not applicable for Psi. At the moment libsignal is licensed under GPLv3 with an exemption for App Store, so it should be compatible.

More details:

Status update?

No updates at the moment, but planning to work on it this weekend.

any psi+ end to end encryption is currently broken with windows (10) portable version (psi-plus-1.3.306_win7_x86_64)

psi+ crashes on OTR key generation.
OMEMO can only receive but not send. also cannot send OMEMO to myself: *** [OMEMO] Unable to build any sessions, the message was not sent

this is an unlucky situation because both gajim and conversations dropped OTR in favour of OMEMO, but OMEMO is still experimental on psi+. nevertheless the OTR plugin should not crash so there is no constellation i can use psi+ with end to end encryption currently.

@milada-horakova

> psi+ crashes on OTR key generation.

This is known bug in 64-bit version of libotr. You may use 32-bit version of Psi+ with OTR plugin until this bug is fixed.

> OMEMO can only receive but not send. also cannot send OMEMO to myself: *** [OMEMO] Unable to build any sessions, the message was not sent

I have just re-checked it in clean Win8.1 environment and all work fine. Try to clear the list of your OMEMO keys from other XMPP client (for example, from Conversations or Gajim), then delete omemo.sqlite file from your Psi+ configs and then try OMEMO plugin from Psi+ again.

> this is an unlucky situation because both gajim and conversations dropped OTR in favour of OMEMO

This is a very strange decision. Usage of OMEMO is more simple from end user point of view, but OTR is more secure...

> OTR is more secure

Could you explain this? I always thought OMEMO was more secure than OTR, because it has newer cryptographic primitives like Curve25519 for example.

> Could you explain this? I always thought OMEMO was more secure than OTR, because it has newer cryptographic primitives like Curve25519 for example.

I am not talking about used cryptographic algorithms, but about whole architecture in common. For example:

  • Users are not forced to manipulate keys manually (in each device and/or client), authenticate interlocutor, etc.. It is optional.
  • By default devices keys are considered trusted. Yes, it simplifies life for inexperienced users, but increases risks. Moreover, common users do not update their devices keys despite this being supported by XEP and realized in most of XMPP clients.
  • Session keys in OMEMO are not updated during communication nor manually, nor automatically (it is possible in principle, but not described in XEP and not realized in XMPP clients which I saw).
  • Communication history may be stored on server side and decoded at any time later. Yes it is extremely convenient, but if offender will get or calculate (using computer cluster or quantum computer) your private key, the whole history will leak to him. Chats protected by OTR are usually not stored at all (even at current device).

Thank you for your detailed explanation to this, good points! 👍

> Moreover, common users do not update their devices keys despite this being supported by XEP and realized in most of XMPP clients.

What do you mean by "update"?

> Session keys in OMEMO are not updated during communication nor manually, nor automatically (it is possible in principle, but not described in XEP and not realized in XMPP clients which I saw).

Do you know what the double ratchet does? It "updates" the session on every received and sent message, so your statement is wrong.

> Communication history may be stored on server side and decoded at any time later. Yes it is extremely convenient, but if offender will get or calculate (using computer cluster or quantum computer) your private key, the whole history will leak to him. Chats protected by OTR are usually not stored at all (even at current device).

Communication is encrypted when stored on the server. Even if you would get access to "the private key", you could only decode a limited amount of the data (exactly one message). One property of the axolotl ratchet is, that it is self healing and provides both forward secrecy, as well as future secrecy.

> > Moreover, common users do not update their devices keys despite this being supported by XEP and realized in most of XMPP clients.
>
> What do you mean by "update"?

In OTR Plugin there is pushbutton "Generate new key". And only current XMPP client will be affected. In such way user may easily update his(her) private key any time s(he) find this necessary.

With OMEMO all is more global: there is "Clear devices" pushbutton which will cause to re-generation of "private keys" on all devices. And users use it more rarely.

> Do you know what the double ratchet does? It "updates" the session on every received and sent message, so your statement is wrong.

It looks I remembered this wrong (or mixed up with another algorithm): I thought the session id for each two "devices" is generated only once during session initialization (if they do not have a common session yet) and is constant after that. In such case you need delete session id or device id to start a new session.

But after re-reading on OMEMO specification I see that session id is updated after receiving of each new message using an unique key from it.

> Communication is encrypted when stored on the server. Even if you would get access to "the private key", you could only decode a limited amount of the data (exactly one message). One property of the axolotl ratchet is, that it is self healing and provides both forward secrecy, as well as future secrecy.

Ok. You are right.

So a history with OMEMO encrypted messages on server side is less useful than I thought: it may be decrypted only one time (from each device) and after that it becomes useless.

> With OMEMO all is more global: there is "Clear devices" pushbutton which will cause to re-generation of "private keys" on all devices. And users use it more rarely.

This is wrong. The function will only "unpublish" OMEMO key material from the server. The actual keys stay untouched. Once an "unpublished" device comes online, it will republish its keys again.

However, some implementations offer you an option to regenerate your identity, which will delete the OMEMO keys of the device and create new ones.

> So a history with OMEMO encrypted messages on server side is less useful than I thought: it may be decrypted only one time (from each device) and after that it becomes useless.

Exactly :)
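The point settled in the exchange above, that a device which has ratcheted forward can no longer read an archived OMEMO message, shown as an added example (not code from Psi+, the OMEMO plugin or libsignal). It models only the symmetric chain step with the HMAC constants the Double Ratchet specification suggests, omits the Diffie-Hellman ratchet, and uses a constructed session secret and a stand-in cipher; all names are hypothetical.

```python
import hashlib
import hmac

def kdf_chain_step(chain_key):
    """One symmetric ratchet step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def seal(message_key, plaintext):
    """Stand-in for a real AEAD (assumption): XOR keystream plus HMAC tag."""
    stream = hashlib.shake_256(b"enc" + message_key).digest(len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return body + hmac.new(message_key, body, hashlib.sha256).digest()

def open_sealed(message_key, sealed):
    """Returns the plaintext, or None when the key does not match."""
    body, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(message_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = hashlib.shake_256(b"enc" + message_key).digest(len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

class Device:
    """Keeps only the current chain key; used message keys are discarded."""
    def __init__(self, initial_chain_key):
        self.chain_key = initial_chain_key

    def next_message_key(self):
        self.chain_key, message_key = kdf_chain_step(self.chain_key)
        return message_key

def demo():
    shared = hashlib.sha256(b"constructed session secret").digest()
    sender, receiver = Device(shared), Device(shared)
    # Three messages as they would sit, encrypted, in a server-side archive.
    archive = [seal(sender.next_message_key(), b"message %d" % i) for i in range(3)]
    first_read = [open_sealed(receiver.next_message_key(), m) for m in archive]
    # Fetching the same archive again: the device has ratcheted past these keys.
    second_read = [open_sealed(receiver.next_message_key(), m) for m in archive]
    # A copy of the device state taken now holds only the current chain key.
    copied = Device(receiver.chain_key)
    copied_read = [open_sealed(copied.next_message_key(), m) for m in archive]
    return first_read, second_read, copied_read

if __name__ == "__main__":
    print(demo())
```

The chain step is one-way, so the current chain key yields later message keys but not the ones already used and discarded.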

@tehnick [re Apr 13]

> authenticate interlocutor,

I miss the Socialist Millionaire Protocol (to authenticate identity) but unfortunately it crashed receiver's clients. I wish SMP was an option to OMEMO authentication.

> Communication history may be stored on server side and decoded at any time later.

mam / carbons should expose an additional setting in 'client's server archival preference' as in some clients [Conversations] to purge chat history after specified window. Not for the reason of your concern necessarily, but for the occasional client [Conversations] but of close/erase history, start new conversation, server archive restores.

You might want to read RiseUp.net critique of OMEMO.

Hello everybody, I found the source code of the OMEMO plugin at GitHub. But how do I install it? Help is appreciated. Thank you!

It should be included in latest Psi+ builds. If it isn't included in your build, you have to compile it.

> It should be included in latest Psi+ builds. If it isn't included in your build, you have to compile it.

Thanks for your answer! Where do I find the latest Psi+ build? The one I found for MacOS at Sourceforge is older than the current Psi version, it seems.

There are no fresh builds for macOS as far as I know.

> There are no fresh builds for macOS as far as I know.

Is there anybody who has experience with building Psi+ for macOS? I managed to build it but have a hard time linking the app bundle correctly. would be great if there is anybody who knows how to do it.

@Letterus try some our scripts https://github.com/psi-plus/maintenance/tree/master/scripts/macosx

Thank you, great hint - lots of work done there! I had to adjust the Mac Makefile/patch, but then it compiled nicely. But the OMEMO plugin does not seem to do anything. Does not even show a key for myself in the prefs. Already asked in the dev MUC, help is appreciated here.

@Letterus Just add OMEMO button on toolbars in Psi+ Options Dialog and restart program.

> @Letterus Just add OMEMO button on toolbars in Psi+ Options Dialog and restart program.

@tehnick Thanks for your reply. The button is on the toolbar, but greyed out. When I disable toolbars the menu says "OMEMO is not available for this contact" (Update: corrected error message).

Crypto debug menu says:

Checking Qt Library Path: /Applications/Psi+.app/Contents/PlugIns
libqca-cyrus-sasl.dylib: (class: saslPlugin) loaded as qca-cyrus-sasl
libqca-gcrypt.dylib: (class: gcryptPlugin) loaded as qca-gcrypt
libqca-gnupg.dylib: (class: gnupgPlugin) loaded as qca-gnupg
libqca-logger.dylib: (class: loggerPlugin) loaded as qca-logger
libqca-ossl.dylib: (class: opensslPlugin) loaded as qca-ossl
libqca-softstore.dylib: (class: softstorePlugin) loaded as qca-softstore

Any idea?

+1

@Letterus Have you tried recently? Perfect for you?

For all people, have you updated your Psi/Psi+?

I would like feedbacks from all users for OMEMO:

  • Between Psi, Psi+, and other OMEMO XMPP clients
  • OMEMO detection (grey icon / color icon)
  • Secure chat (1:1)
  • Secure mucroom
  • New fingerprints detection
  • OMEMO option possibilities (Options->Plugins->OMEMO options), all are good?
    -- "Clear devices" and "Refresh" buttons in "Manage Devices" are missing (#38)
    -- Impossible to remove fingerprints of contacts (#37)
    -- Regenerate "Own fingerprint" is missing (#36)

In the same time:

  • OTR feedback too
  • GnuPG feedback too

Thanks in advance.

As for macOS builds you may download latest build from SF:
https://sourceforge.net/projects/psiplus/files/macOS/tehnick/Psi%2B-1.4.592-macOS10.12-x86_64.dmg

or install it using Homebrew:

brew cask install psi-plus

A new PR from @nullobsi has been merged:

I think that it helps a lot of people here.

@ all,

I have recently published some tickets about OMEMO, if some guys can look it, it will be nice.

I have done a full step description to show the current OMEMO bugs to permit to solve it:

Can you test it in your client, please confirm it, and help to solve?

Others:

Thanks in advance.

cc: @Ri0n, @Vitozz, @tehnick, @stigger.