jdev - 2024-09-22


  1. hello!

    hi

  2. lovetox

    hey, about openpgp, when we create keys .. is there any suggestion for algorithms?

  3. singpolyma

    ECDH/ECDSA ideally

  4. singpolyma

    Unless you need really broad compatibility then still RSA

  5. Schimon

    Does MUC support PEP? Is it possible to create PubSub nodes for MUCs? This is an error for an MUC. ``` ERROR <iq to="slixfeed@canchat.org/slixfeed" id="9f2f958a70ed4009abb10aeaca04e10f" from="devs@conference.cyberdelia.com.ar" xml:lang="en" type="error"><pubsub xmlns="http://jabber.org/protocol/pubsub"><create node="xmpp:slixfeed:0" /><configure><x xmlns="jabber:x:data" type="submit"><field var="pubsub#title" /><field var="pubsub#description" /><field var="pubsub#notify_retract"><value>1</value></field><field var="pubsub#max_items"><value>20</value></field><field var="pubsub#persist_items"><value>1</value></field><field var="pubsub#send_last_published_item"><value>never</value></field><field var="pubsub#deliver_payloads"><value>0</value></field><field var="pubsub#type"><value>http://www.w3.org/2005/Atom</value></field></x></configure></pubsub><error type="cancel"><service-unavailable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" /><text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" xml:lang="en">The feature requested is not supported by the conference</text></error></iq> ``` This is an error for a client JID. ``` [2024-09-22 17:48:33,152] ERROR: slixfeed.xmpp.iq: <iq to="slixfeed@canchat.org/slixfeed" id="969b939995254ae7be4bfab269e09a8c" from="slixfeed@movim.eu" xml:lang="en" type="error"><pubsub xmlns="http://jabber.org/protocol/pubsub"><create node="xmpp:slixfeed:0" /><configure><x xmlns="jabber:x:data" type="submit"><field var="pubsub#title" /><field var="pubsub#description" /><field var="pubsub#notify_retract"><value>1</value></field><field var="pubsub#max_items"><value>20</value></field><field var="pubsub#persist_items"><value>1</value></field><field var="pubsub#send_last_published_item"><value>never</value></field><field var="pubsub#deliver_payloads"><value>0</value></field><field var="pubsub#type"><value>http://www.w3.org/2005/Atom</value></field></x></configure></pubsub><error type="auth"><forbidden xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" /><text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" xml:lang="en">You&apos;re not allowed to create nodes</text></error></iq> ```

  6. singpolyma

    Schimon: it's not really realised to MUC or not in any way. It's a question of server setup. I'm not aware of any major servers set up to allow this right now

  7. singpolyma

    Schimon: it's not really related to MUC or not in any way. It's a question of server setup. I'm not aware of any major servers set up to allow this right now

  8. Schimon

    singpolyma. Thank you. To whom, do you think, should I refer to, concerning this matter?

  9. singpolyma

    Probably easiest first thing would be to write a module for prosody to enable it

  10. Schimon

    Thank you.

  11. lovetox

    singpolyma, gpg does not let me create a encryption key with ed25519 or cv25519

  12. lovetox

    says wrong key usage

  13. lovetox

    > You can't encrypt data with ed25519 algorithm (it's not a cipher), it's only a digital signature scheme

  14. lovetox

    TIL

  15. lovetox

    so there is only rsa

  16. moparisthebest

    ed25519 is signing only, the cv one is encryption

  17. moparisthebest

    That's the only right one to use today, not RSA, not other ECC

  18. lovetox

    > gpg --quick-gen-key "asd2@asd.at" "cv25519"  ✘ 2 19:15:42 > gpg: Key generation failed: Wrong key usage

  19. moparisthebest

    lovetox: https://gist.github.com/TrevCan/8a6075e9a7eb8bbdf75622e977400150 might help

  20. moparisthebest

    I think you are missing the "encrypt" as last arg

  21. lovetox

    no does not work even with that

  22. moparisthebest

    Does that script work? I use that kind of key for encryption and have a script to generate it but don't have access to it right now, I can look later

  23. lovetox

    this adds subkeys if i see it right

  24. lovetox

    i dont do this, i want on main key that can sign and encrypt

  25. lovetox

    if i use default gpg creation, it creates a main ed25519 key, and a sub cv25519 key

  26. lovetox

    maybe this can only be done with a subkey

  27. lovetox

    i mean i guess i could do this ..

  28. Menel

    Hm. I'm quite sure I have 25519 only keys for my pgp. Will have to look how I did that

  29. singpolyma

    > if i use default gpg creation, it creates a main ed25519 key, and a sub cv25519 key Yes that sounds correct

  30. singpolyma

    > i dont do this, i want on main key that can sign and encrypt You can't both sign and encrypt with the same key in most algorithms. That's a special feature of RSA

  31. lovetox

    and thats also the one that most people use

  32. lovetox

    need to look into how bothersome this is with a subkey

  33. singpolyma

    Yes. It was the only safe option for a short while and still the most broadly compatible

  34. lovetox

    we not only encrypt, we also sign with the openpgp XEP, now i do this in one operation

  35. singpolyma

    In the old days we all used DSA primary key with elgamal subkey

  36. lovetox

    hope i dont need to do 2 operations afterwards

  37. singpolyma

    It should be the same no matter what the key structure is

  38. lovetox

    so i guess i can pass the main key for all operations, and it will use the subkey for encryption without me telling it specifically=

  39. lovetox

    so i guess i can pass the main key for all operations, and it will use the subkey for encryption without me telling it specifically?

  40. singpolyma

    yes

  41. Stefan

    lovetox, ``` gpg --quick-gen-key 'xmpp:local@domain.tld' future-default default 5y pub ed25519 2024-09-22 [SC] [verfällt: 2029-09-21] 816A5191E0C9A81D0F5A0E7C8278792A00E5580D uid xmpp:local@domain.tld sub cv25519 2024-09-22 [E] ```

  42. Stefan

    https://profanity-im.github.io/blog/post/openpgp-for-xmpp-ox/

  43. lovetox

    thanks works now, i just need to specify default

  44. lovetox

    other issue with OX

  45. lovetox

    its just so damn slow for me

  46. lovetox

    like full stanza encryption means, that we send for example typing notifications, i have a noticeable delay if i send messages with OX

  47. lovetox

    like 200 ms at least if not more

  48. Stefan

    with cv25519?

  49. lovetox

    hm ok, its gone now that im on the power cable with my laptio

  50. lovetox

    hm ok, its gone now that im on the power cable with my laptop

  51. singpolyma

    Other problem with OX is it doesn't use SCE xep yet, heh

  52. lovetox

    is this a big problem? thought this is just some wrapper

  53. Martin

    Ox always appeared slow to me when using profanity and gajim. As Go-sendxmpps encryption and decryption is a lot faster I assume it's gnupg which is slow.

  54. lovetox

    ah, it has all the rules how to process the content

  55. lovetox

    and openpgp left that open

  56. moparisthebest

    It's only a problem if you go to implement some new SCE using thing and need to rewrite everything instead of reusing code

  57. moparisthebest

    But that's a problem for future lovetox

  58. singpolyma

    And I think OX will be based on SCE eventually

  59. lovetox

    the only real pro for OX is the history decryption

  60. Martin

    And one key per account instead of one key per client installation.

  61. moparisthebest

    No one wants that though

  62. moparisthebest

    I mean, everyone wants history on all devices but also PFS because security dudes say PFS required

  63. moparisthebest

    The answer is history sync between devices

  64. Martin

    Tell all this people who complain about decryption issues after they transferred an account to a new device without generating new keys.

  65. moparisthebest

    Sorry I was responding to "history decryption"

  66. Zash

    History sync between devices is what sucked about Skype, which drove me towards becoming an XMPP dev. Full circle?

  67. moparisthebest

    Always has been

  68. Zash

    Are we going to need to run history sync bots that help?

  69. Zash

    Should I just go ahead and run `shuf` on my archives?

  70. moparisthebest

    > Are we going to need to run history sync bots that help? On the server?!?!?!? 🤣

  71. Zash

    Back in those days you need an always online participant for large group chats to work at all. And you got history in random order anyway. It sucked so bad.

  72. Zash

    Then Microsoft solved it by just moving it all into the cloud, turning the p2p system into a client-server system. Yay for circles!

  73. moparisthebest

    I'm pretty convinced XMPP s2s is the only real p2p chat

  74. Zash

    It is

  75. singpolyma

    > No one wants that though My experience with users begs to differ, heh

  76. moparisthebest

    singpolyma: you have users that ask for non-pfs encryption? That's surprising

  77. singpolyma

    I have users who lose or destroy their only device and then are shocked that they can't get any history back without it

  78. singpolyma

    So yes

  79. singpolyma

    Most of them don't know what "PFS" is of course

  80. moparisthebest

    Surely WhatsApp/signal/everything has those kind of users too... They just don't get their history back

  81. moparisthebest

    It's a lesson in "have backups"

  82. moparisthebest

    Also regular SMS users...

  83. singpolyma

    > Surely WhatsApp/signal/everything has those kind of users too... They just don't get their history back Yes I'm sure WhatsApp gets this complaint too

  84. moparisthebest

    Ox doesn't help those people anyway because they also can't remember their username or password 🤣

  85. singpolyma

    It's not a panacea I agree