-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement ID store in a file #81
Conversation
Codecov Report
@@ Coverage Diff @@
## main #81 +/- ##
==========================================
+ Coverage 75.43% 78.55% +3.12%
==========================================
Files 23 27 +4
Lines 2190 2649 +459
Branches 513 609 +96
==========================================
+ Hits 1652 2081 +429
- Misses 419 431 +12
- Partials 119 137 +18
Continue to review full report at Codecov.
|
Would it make sense to not create a new sender automatically, but ask for a confirmation (y/n) before creating a new key? There is a small possibility of a typo in sender name. Creating unused redundant keys is bad. It does not matter for receiver names much. |
There certainly could be a prompt when running in a terminal. Probably needs to default to "yes" in non-interactive use. |
… it warns on subprocess calls anyway.
…g home for idstore.
…ncy on Ed25519 and sign errors with that.
Static keys fully implemented and working but still needs further work on UX and an implementation of temporary or ratchet keys. On decryption any keys in ID store are automatically tried before asking for passphrase, and the I plan to add |
|
|
Basic CLI for forward secrecy as of now:
Multiple initial messages may be sent, all use normal public key format. Bob needs to decrypt one or more of them, in any order:
Alice receives and responds
|
This PR is getting big, and I will need to do major code refactoring for cleanup before proceeding with further tasks. Since the refactoring will make diffs unusable, I am asking for a review at this point - to get the biggest problems fixed but no full QA prior to merge - so that work can continue with another PR keeping the diffs and the scope of review reasonable. |
I am considering to entirely remove support for creation/modification of local keys via |
|
||
### Initial messages using public keys | ||
|
||
The sender of a public-key encrypted message may signal his capability to support Double Ratchet in replies by adding an `r: N` field in the archive index header. This should only be used when there is a single recipient, as the double ratchet only functions between two parties. Further, both parties will need to use a persistent **idstore** to keep track of the ratchet keys in use. The sender stores locally the filehash of each message sent, which becomes the header encryption key for the initial ratchet reply. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this is the first time "N" is mentioned, it should also be explained. This would be message number starting from 0, 1, ... presumably.
|
||
The sender of a public-key encrypted message may signal his capability to support Double Ratchet in replies by adding an `r: N` field in the archive index header. This should only be used when there is a single recipient, as the double ratchet only functions between two parties. Further, both parties will need to use a persistent **idstore** to keep track of the ratchet keys in use. The sender stores locally the filehash of each message sent, which becomes the header encryption key for the initial ratchet reply. | ||
|
||
Thus Alice sends a message to Bob, advertising this capability and including her public key or a random ratchet key. Bob can respond using normal public keys but assuming that he chooses to use a ratchet, he needs to initialise in his idstore a new ratchet with the filehash of the incoming message and store it in his idstore. Note that Alice may have sent multiple initial messages, and Bob may respond to any of these, not necessarily reading the others. The initial messages do not have forward secrecy but the message number `N` (0, 1, ...) included in the archive index can be used to track lost messages. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Word ordering "initialise a new ratchet in his idstore" is more clear.
|
||
Thus Alice sends a message to Bob, advertising this capability and including her public key or a random ratchet key. Bob can respond using normal public keys but assuming that he chooses to use a ratchet, he needs to initialise in his idstore a new ratchet with the filehash of the incoming message and store it in his idstore. Note that Alice may have sent multiple initial messages, and Bob may respond to any of these, not necessarily reading the others. The initial messages do not have forward secrecy but the message number `N` (0, 1, ...) included in the archive index can be used to track lost messages. | ||
|
||
Alice receives the message, not knowing it is from Bob, but trying all her stored keys to decrypt the encrypted header until a match is found with the filehash of the message she sent to Bob earlier. After this Alice initialises her end of the ratchet and expires the filehash from her idstore. Bob may also send multiple replies, and Alice can decrypt any of them using the same filehash but using nonce increments. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does "expiring the filehash" mean, please clarify.
I think that's a good idea. It can be later added as an option for "covert enc" when and if we know better what is needed/practical. |
self.ciphertext.release() | ||
self.ciphertext = None | ||
self.file = None | ||
self.pos = self.end = 0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is more clear to zero these variables on separate lines.
self.header.try_key(anykey) | ||
else: | ||
self.header.try_pass(anykey) | ||
|
||
@contextmanager |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For clarity, decrypt.py:DecryptView class should call decrypt_init() inside a with statement.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no decrypt.py or DecryptView class, and decrypt_init() is called within two with
statements in blockstream.py and cli.py. Also, this does not seem relevant to this PR.
Covert needs persistent keystore to avoid always typing keys on command line and more importantly to enable forward secrecy in conversations (because temporary keys need to be stored somewhere).
This is a draft implementation that still contains bugs
and does not implement anything but static keys.If the sender profile (alice) does not exist, it will be created. If no
-i
is provided, a new keypair is created. Keys may be replaced later by providing another recipient or-i
arguments. It is planned that bob won't need to add alice's key when replying. In near future this should also enable a conversation mode where replies have forward secrecy and post-breach secrecy. The profile names are strictly local and are never sent to peers.The ID store is protected by a longer than normal 5-word passphares, which is automatically created the first time the keystore is used. All profiles share the same master passphrase.
Breaking change: Signatures of upcoming 0.7 will be incompatible with prior versions.
TODO:
covert id
subcommand