Major new features are included in this release:
- Forward Secrecy in conversations, making Covert the first offline messaging tool to implement that and the only one that conceals both the sender and the recipient, leaking no metadata.
- ID store for keeping permanent public keys and Forward Secrecy temporary keys.
  - Avoids having to enter keys on the command line, as identities stored on disk may be used by name
  - Signature verification shows ID names for known keys
  - Storage is protected by a Master ID passphrase that by default is 5 random words but can be changed
  - See covert id --help
- Greatly improved CLI command help including colour and sub command help.
- Changes in signatures break compatibility with versions prior to 0.7.0. The current implementation is intended to be stable.
- Large number of bug and usability fixes, other improvements, increased test coverage, refactoring and more typing.
The main purpose of this release is for developers to start testing forward secrecy and the ID store in actual use. Although their implementation is not stable, we need real-world testing to guide further development. Please report anything that you find unclear or buggy, as well as ideas for improvement, especially on the user interface.
Both parties of a conversation need to have ID stores enabled to initiate a conversation with Forward Secrecy. The initial message sent uses standard public key cryptography, and unless the peer has ID store enabled, any replies to it are also not secured against key breaches. The protocol used is based on Signal's Double Ratchet with header encryption.
The GUI does not yet support the ID store; support is planned for later versions once the system stabilises. Because there is no agent support, Covert asks for the ID store passphrase on each run, but this is also subject to change so that the ID store may stay unlocked for a while, avoiding frequent passphrase prompts.
We would also like to thank our two new developers who have done valuable maintenance work and contributed to improved CLI help.
What's Changed
- Added Montgomery module and minor changes in Elliptic module by @covert-encryption in #67
- Minor fixes on key parsing, typing and additional tests by @covert-encryption in #76
- Fix blockstream decryption bug causing signature verification failures by @covert-encryption in #80
- Add some tests by @MarionetteAccount in #83
- Upgrade dependencies to avoid a problem with GUI not starting by @covert-encryption in #84
- List supported key formats and examples in usage by @heikkiorsila in #78
- Implement ID store in a file by @covert-encryption in #81
- Add more typing by @MarionetteAccount in #86
- Refactor CLI as a submodule with cli.py broken into smaller modules by @covert-encryption in #87
- Improve covert dec UX with passphrases and ID store by @covert-encryption in #88
- Second phase of ID store implementation by @covert-encryption in #89
- Passphrase wordlist word "joint" replaced by "joe" to avoid confusion with some combinations like "jointrace" and "jointramp"
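The wordlist change above can be checked mechanically. The following is an added example, not code from the Covert project: it finds word pairs whose concatenation can be split in more than one way, assuming the confusion arises when words are written without a separator and that "join", "race", "trace", "ramp" and "tramp" are list words (the sample lists are constructed).

```python
from collections import defaultdict

# Constructed sample lists, not Covert's real wordlist. That "join", "race",
# "trace", "ramp" and "tramp" are list words is an assumption made to
# reproduce the "jointrace"/"jointramp" collisions named in the changelog.
OLD_SAMPLE = ["join", "joint", "race", "trace", "ramp", "tramp", "oak", "zebra"]
NEW_SAMPLE = ["joe" if w == "joint" else w for w in OLD_SAMPLE]


def ambiguous_pairs(words):
    """Map each two-word concatenation to its splits, keeping only strings
    that can be read as more than one pair of list words."""
    splits = defaultdict(set)
    for a in words:
        for b in words:
            splits[a + b].add((a, b))
    return {s: sorted(p) for s, p in splits.items() if len(p) > 1}


def parses(text, words):
    """Return every way to split `text` into a sequence of list words."""
    wordset = set(words)
    found = []

    def walk(pos, acc):
        if pos == len(text):
            found.append(tuple(acc))
            return
        # Try every list word that starts at `pos`, shortest first.
        for end in range(pos + 1, len(text) + 1):
            if text[pos:end] in wordset:
                walk(end, acc + [text[pos:end]])

    walk(0, [])
    return found


if __name__ == "__main__":
    for name, wordlist in (("old", OLD_SAMPLE), ("new", NEW_SAMPLE)):
        print(name, ambiguous_pairs(wordlist))
    # A longer unspaced passphrase inherits the ambiguity of its word pairs.
    print(parses("oakjointrampzebra", OLD_SAMPLE))
```

Running `ambiguous_pairs` over a full wordlist before release flags any word that would need the same treatment as "joint".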
New Contributors
- @MarionetteAccount made their first contribution in #83
- @heikkiorsila made their first contribution in #78
Full Changelog: v0.6.0...v0.7.0