XSF Discussion - 2019-06-25

  1. Yagiza

    Daniel, are you here?

  2. Daniel

    Yagiza: yes

  3. Yagiza

    Daniel, I need to clarify something about OMEMO implementation. Can you help me?

  4. Daniel

    Yagiza: I don't know. But we can try

  5. Yagiza

    Daniel, ok, thanx!

  6. Yagiza

    Section 4.3 says that I must publish my IdentityKey. But IdentityKey is a public/private key pair.

  7. Yagiza

    Do I need to publish both keys, or just public one?

  8. Daniel

    The public key

  9. Yagiza

    Daniel, ok. That's the way I did it.

  10. Yagiza

    Daniel, the only question is why tag name is so ambiguous.

  11. Yagiza

    <signedPreKeyPublic/>, <preKeyPublic/>, but <identityKey/>?

  12. Yagiza

    The next question is about section 4.5.

  13. Yagiza

    It says: "In order to send a chat message, its <body> first has to be encrypted. The client MUST use fresh, randomly generated key/IV pairs with AES-128 in Galois/Counter Mode (GCM). The 16 bytes key and the GCM authentication tag (The tag SHOULD have at least 128 bit) are concatenated and for each intended recipient device, i.e. both own devices as well as devices associated with the contact, the result of this concatenation is encrypted using the corresponding long-standing SignalProtocol session."

  14. Yagiza

    What does that mean? How to encrypt, "using the corresponding long-standing SignalProtocol session"?

  15. Yagiza

    Do I need to use one of pre keys, published by target devices to encrypt key I just generated?

  16. Yagiza

    Or do I need to use it just for a first message and mark it with preKey="true" attribute?

  17. Yagiza

    And once I received a key/IV pair from the device, I need to use that key instead?

  18. flow

    dwd, hmm?

  19. dwd

    flow, You referred to SCE as SEC in your mail to standards@. I'm disproportionately amused.

  20. flow

    Ahh, I see.

  21. Daniel

    Yagiza: you generate a random iv+key, encrypt the message with that key. And then you feed the key into all signal protocol sessions

  22. Daniel

    And if no session exists yet you create them

  23. Daniel

    With prekeys downloaded from pep

  24. Yagiza

    Daniel, well... What does it mean "to create a session"?

  25. Daniel

    That is defined by the signal spec

  27. Ge0rG

    I actually like SEC much more than SCE, with you-know-what as a close second. Can't we change the title to "Stanza Encrypted Content" at least? 😁

  28. Yagiza

    The next question is: which functions from libsignal-protocol-c do I need to use to generate key/IV pair? Those from sender_key.h?

  29. Daniel

    They are not provided by the library. It's just random bytes

  30. Yagiza

    Daniel, IC. And which function can I use to encrypt my message using that key/IV pair?

  31. Daniel

    Some aes gcm implementation

  32. Yagiza

    Daniel, ok

  33. COM8

    Yagiza: I also had quite a few problems understanding the OMEMO XEP. If you need a working example with documentation look at: https://github.com/UWPX/UWPX-Client/blob/master/XMPP_API/Classes/Network/XML/Messages/XEP-0384/OmemoMessageMessage.cs

  34. Daniel

    there is also https://wiki.xmpp.org/web/Tech_pages/OMEMO which can be interesting to people implementing omemo

  35. Daniel

    it doesn’t answer the specific questions Yagiza had. but _other_ questions

  36. Yagiza

    COM8, Daniel, thanx!

  37. Daniel

    would be interesting to know what problems you, COM8, ran into so we can mention it on the tech pages or elsewhere

  38. vanitasvitae

    Yagiza: for which client are you doing your implementation?

  39. Yagiza

    vanitasvitae, eyeCU.

  40. COM8

    They were some general problems with understanding what the XEP wants from me and which parts come from libsignal and how it is used in combination with OMEMO. Quite abstract without a concrete example - at least for me. I had planned to create a PR with changes to the wording and adding some more examples but on the Sprint in Berlin I was talking to people who mentioned there would be some planned changes to the XEP so I will wait until they have been merged before I start updating it.

  41. Yagiza

    COM8, ok

  42. pep.

    COM8, I don't think these changes are coming soon tbh, most of them might be breaking from what I understand. So if yours are cosmetic, do PR

  43. COM8

    pep: Ok thanks for the information - will start working on it.

  44. COM8

    Is it only me or is somebody else getting duplicate messages in here since ~3 days

  45. Ge0rG

    COM8: must be you

  46. Ge0rG

    COM8: must be you

  47. COM8

    Ok 🤔

  48. jonas’

    Ge0rG, you troll.

  50. lovetox

    You have to understand the signal protocol and libraries that implement it first

  51. lovetox

    then you read the XEP and learn how you can wrap that for xmpp

  53. lovetox

    RFCs for xmpp also don't describe how TLS works, you have to understand what TLS is, that there are libraries for it, how to use these libraries, and then you read the XMPP RFC, on how to use it in context of XMPP

  54. lovetox

    So yes if you have no idea what the signal protocol is and how to use the libraries and expect the XEP tells you all that, this will not work out

  55. Yagiza

    Daniel, so, I use Signal Protocol session to encrypt key/IV pair instead of messages. And messages themselves are encrypted with that key/IV pair, which I generate randomly, right?

  57. Daniel

    The IV isn't encrypted. But yes

  58. Yagiza

    Daniel, so, then.. what is GCM authentication tag, which I need to concatenate with a key?

  59. Daniel

    Yagiza: your gcm library will either give that to you or append that to the cipher text

  60. Yagiza

    Daniel, IC.