-
hello!
hi
-
lovetox
hey, about openpgp, when we create keys .. is there any suggestion for algorithms?
-
singpolyma
ECDH/ECDSA ideally
-
singpolyma
Unless you need really broad compatibility then still RSA
-
Schimon
Does MUC support PEP? Is it possible to create PubSub nodes for MUCs? This is an error for an MUC. ``` ERROR <iq to="slixfeed@canchat.org/slixfeed" id="9f2f958a70ed4009abb10aeaca04e10f" from="devs@conference.cyberdelia.com.ar" xml:lang="en" type="error"><pubsub xmlns="http://jabber.org/protocol/pubsub"><create node="xmpp:slixfeed:0" /><configure><x xmlns="jabber:x:data" type="submit"><field var="pubsub#title" /><field var="pubsub#description" /><field var="pubsub#notify_retract"><value>1</value></field><field var="pubsub#max_items"><value>20</value></field><field var="pubsub#persist_items"><value>1</value></field><field var="pubsub#send_last_published_item"><value>never</value></field><field var="pubsub#deliver_payloads"><value>0</value></field><field var="pubsub#type"><value>http://www.w3.org/2005/Atom</value></field></x></configure></pubsub><error type="cancel"><service-unavailable xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" /><text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" xml:lang="en">The feature requested is not supported by the conference</text></error></iq> ``` This is an error for a client JID. ``` [2024-09-22 17:48:33,152] ERROR: slixfeed.xmpp.iq: <iq to="slixfeed@canchat.org/slixfeed" id="969b939995254ae7be4bfab269e09a8c" from="slixfeed@movim.eu" xml:lang="en" type="error"><pubsub xmlns="http://jabber.org/protocol/pubsub"><create node="xmpp:slixfeed:0" /><configure><x xmlns="jabber:x:data" type="submit"><field var="pubsub#title" /><field var="pubsub#description" /><field var="pubsub#notify_retract"><value>1</value></field><field var="pubsub#max_items"><value>20</value></field><field var="pubsub#persist_items"><value>1</value></field><field var="pubsub#send_last_published_item"><value>never</value></field><field var="pubsub#deliver_payloads"><value>0</value></field><field var="pubsub#type"><value>http://www.w3.org/2005/Atom</value></field></x></configure></pubsub><error type="auth"><forbidden xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" /><text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas" xml:lang="en">You're not allowed to create nodes</text></error></iq> ```
-
singpolyma
Schimon: it's not really realised to MUC or not in any way. It's a question of server setup. I'm not aware of any major servers set up to allow this right now✎ -
singpolyma
Schimon: it's not really related to MUC or not in any way. It's a question of server setup. I'm not aware of any major servers set up to allow this right now ✏
-
Schimon
singpolyma. Thank you. To whom, do you think, should I refer to, concerning this matter?
-
singpolyma
Probably easiest first thing would be to write a module for prosody to enable it
-
Schimon
Thank you.
-
lovetox
singpolyma, gpg does not let me create a encryption key with ed25519 or cv25519
-
lovetox
says wrong key usage
-
lovetox
> You can't encrypt data with ed25519 algorithm (it's not a cipher), it's only a digital signature scheme
-
lovetox
TIL
-
lovetox
so there is only rsa
-
moparisthebest
ed25519 is signing only, the cv one is encryption
-
moparisthebest
That's the only right one to use today, not RSA, not other ECC
-
lovetox
> gpg --quick-gen-key "asd2@asd.at" "cv25519" ✘ 2 19:15:42 > gpg: Key generation failed: Wrong key usage
-
moparisthebest
lovetox: https://gist.github.com/TrevCan/8a6075e9a7eb8bbdf75622e977400150 might help
-
moparisthebest
I think you are missing the "encrypt" as last arg
-
lovetox
no does not work even with that
-
moparisthebest
Does that script work? I use that kind of key for encryption and have a script to generate it but don't have access to it right now, I can look later
-
lovetox
this adds subkeys if i see it right
-
lovetox
i dont do this, i want on main key that can sign and encrypt
-
lovetox
if i use default gpg creation, it creates a main ed25519 key, and a sub cv25519 key
-
lovetox
maybe this can only be done with a subkey
-
lovetox
i mean i guess i could do this ..
-
Menel
Hm. I'm quite sure I have 25519 only keys for my pgp. Will have to look how I did that
-
singpolyma
> if i use default gpg creation, it creates a main ed25519 key, and a sub cv25519 key Yes that sounds correct ↺
-
singpolyma
> i dont do this, i want on main key that can sign and encrypt You can't both sign and encrypt with the same key in most algorithms. That's a special feature of RSA ↺
-
lovetox
and thats also the one that most people use
-
lovetox
need to look into how bothersome this is with a subkey
-
singpolyma
Yes. It was the only safe option for a short while and still the most broadly compatible
-
lovetox
we not only encrypt, we also sign with the openpgp XEP, now i do this in one operation
-
singpolyma
In the old days we all used DSA primary key with elgamal subkey
-
lovetox
hope i dont need to do 2 operations afterwards
-
singpolyma
It should be the same no matter what the key structure is
-
lovetox
so i guess i can pass the main key for all operations, and it will use the subkey for encryption without me telling it specifically=✎ -
lovetox
so i guess i can pass the main key for all operations, and it will use the subkey for encryption without me telling it specifically? ✏
-
singpolyma
yes
-
Stefan
lovetox, ``` gpg --quick-gen-key 'xmpp:local@domain.tld' future-default default 5y pub ed25519 2024-09-22 [SC] [verfällt: 2029-09-21] 816A5191E0C9A81D0F5A0E7C8278792A00E5580D uid xmpp:local@domain.tld sub cv25519 2024-09-22 [E] ```
-
Stefan
https://profanity-im.github.io/blog/post/openpgp-for-xmpp-ox/
-
lovetox
thanks works now, i just need to specify default
-
lovetox
other issue with OX
-
lovetox
its just so damn slow for me
-
lovetox
like full stanza encryption means, that we send for example typing notifications, i have a noticeable delay if i send messages with OX
-
lovetox
like 200 ms at least if not more
-
Stefan
with cv25519?
-
lovetox
hm ok, its gone now that im on the power cable with my laptio✎ -
lovetox
hm ok, its gone now that im on the power cable with my laptop ✏
-
singpolyma
Other problem with OX is it doesn't use SCE xep yet, heh
-
lovetox
is this a big problem? thought this is just some wrapper
-
Martin
Ox always appeared slow to me when using profanity and gajim. As Go-sendxmpps encryption and decryption is a lot faster I assume it's gnupg which is slow.
-
lovetox
ah, it has all the rules how to process the content
-
lovetox
and openpgp left that open
-
moparisthebest
It's only a problem if you go to implement some new SCE using thing and need to rewrite everything instead of reusing code
-
moparisthebest
But that's a problem for future lovetox
-
singpolyma
And I think OX will be based on SCE eventually
-
lovetox
the only real pro for OX is the history decryption
-
Martin
And one key per account instead of one key per client installation.
-
moparisthebest
No one wants that though
-
moparisthebest
I mean, everyone wants history on all devices but also PFS because security dudes say PFS required
-
moparisthebest
The answer is history sync between devices
-
Martin
Tell all this people who complain about decryption issues after they transferred an account to a new device without generating new keys.
-
moparisthebest
Sorry I was responding to "history decryption"
-
Zash
History sync between devices is what sucked about Skype, which drove me towards becoming an XMPP dev. Full circle?
-
moparisthebest
Always has been
-
Zash
Are we going to need to run history sync bots that help?
-
Zash
Should I just go ahead and run `shuf` on my archives?
-
moparisthebest
> Are we going to need to run history sync bots that help? On the server?!?!?!? 🤣 ↺
-
Zash
Back in those days you need an always online participant for large group chats to work at all. And you got history in random order anyway. It sucked so bad.
-
Zash
Then Microsoft solved it by just moving it all into the cloud, turning the p2p system into a client-server system. Yay for circles!
-
moparisthebest
I'm pretty convinced XMPP s2s is the only real p2p chat
-
Zash
It is
-
singpolyma
> No one wants that though My experience with users begs to differ, heh ↺
-
moparisthebest
singpolyma: you have users that ask for non-pfs encryption? That's surprising
-
singpolyma
I have users who lose or destroy their only device and then are shocked that they can't get any history back without it
-
singpolyma
So yes
-
singpolyma
Most of them don't know what "PFS" is of course
-
moparisthebest
Surely WhatsApp/signal/everything has those kind of users too... They just don't get their history back
-
moparisthebest
It's a lesson in "have backups"
-
moparisthebest
Also regular SMS users...
-
singpolyma
> Surely WhatsApp/signal/everything has those kind of users too... They just don't get their history back Yes I'm sure WhatsApp gets this complaint too ↺
-
moparisthebest
Ox doesn't help those people anyway because they also can't remember their username or password 🤣
-
singpolyma
It's not a panacea I agree