Gajim - 2016-12-03


  1. Br0nek Link Mauve, how to get one directory from repository?
  2. Gnucchi hello I have a problem with creating QR-Codes in Gajim, I get only errors when I open the OMEMO Plugin. I have OMEMO 9.9.9 and python-qrcode installed.
  3. cuc hm it would be great if python-qrcode would be mentioned under "features" :)
  4. cippaciong Gnucchi, what error and what os?
  5. cippaciong does it look like this? https://dev.gajim.org/gajim/gajim-plugins/issues/158#note_88431
  6. cuc having that error too on ubuntu 16.04
  7. zak cippaciong: I had a "No module named builtin"-error as well, but only once after upgrading the plugin (Debian). A restart solved it fortunately.
  8. cippaciong cuc, Gnucchi, can you try to restart gajim as zak did and see what happens?
  9. cuc i did a full restart because after updating it just kept on saying it doesnt have python-qrcode installed
  10. cuc which i did
  11. cuc its quite easy
  12. cuc if i start python2 shell and try to import builtin it will give an ImportError
  13. cuc builtins that is...
  14. cippaciong yes, that's expected. The fact is that python should catch the exception and import __builtin__ instead
  15. cuc yes thats what i thought
  16. cippaciong but it seems that sometimes it doesn't do that
  17. cuc funny
  18. cippaciong python-pillow rather than python
  19. cuc i can see the try-except block which should catch this...
  20. cuc :)
  21. cippaciong can you try to run that try-except in python2 repl?
  22. cuc u mean in the python shell?
  23. cippaciong yes
  24. cuc can i paste here?
  25. cippaciong it's ok for me
  26. cuc http://pastebin.com/sUt7Najc
  27. cuc nevermind :)
  28. cippaciong it's working..
  29. cuc yup
  30. cuc funky shit
  31. cuc not the first time i have strange ubuntu python behavior...
  32. cuc but im not a dev anyways ^
  33. cuc ^^
  34. cippaciong It's not only a ubuntu error I'm afraid. The issue on github is archlinux related but still, I use arch and I don't have that error at all
  35. cuc :)
  36. lovetox cippaciong, i think it has to do again with demandimport
  37. lovetox try adding in omemoplugins.py
  38. lovetox to the demandimport list
  39. lovetox '__builtin__'
  40. lovetox and 'builtins'
  41. lovetox and maybe 'PIL'
  42. jplitza Hi, I'm having problems with the OMEMO plugin. It seems to pick wrong keys or something when encrypting messages: When I send an encrypted message from Gajim, account A to my own account B, I can read it on my phone (Conversations), account B, but neither with Gajim, account B nor with my phone, account A (I have message carbons configured)
  43. jplitza On the terminal I see this exception: InvalidKeyIdException: No such signedprekeyrecord! 25053
  44. jplitza Is there any way to reset these prekeys without losing Gajims private key that other people have verified already?
  45. lovetox yes
  46. lovetox go to the plugin config window
  47. lovetox and delete the fingerprints
  48. lovetox of the contact you have the problem with
  49. lovetox after that just write a message to him
  50. lovetox it should pull the correct prekey after that
  51. jplitza Ah, okay. Because these problems keep popping up with multiple contacts, I'll simply screenshot the window, delete all fingerprints and add them afterwards. Thanks!
  52. lovetox no
  53. lovetox you cant add fingerprints
  54. lovetox just write a message, to the contact afterwards, and it should popup the fingerprint window
  55. lovetox where the same keys should be loaded again
  56. jplitza Yes, that's what I meant
  57. lovetox ah
  58. lovetox sorry :D
  59. lovetox i think this happens
  60. lovetox if you add someone but never exchange a message from a device
  61. lovetox if you add someone on a account, at least exchange one message
  62. jplitza Hm, I had guessed that it was caused by replaying a backup of my home dir
  63. lovetox em, yeah that could also be the reason
  64. lovetox you cant simply backup omemo
  65. lovetox all sessions get invalid
  66. lovetox so if you do this, you should delete all fingerprints afterwards
  67. lovetox that would initiate on first message a new session with the contact
  68. jplitza Okay. What about inbound messages?
  69. lovetox hard to say, if only a few messages are exchanged from other devices between your backup and replay, it could still decrypt, but if its a longer time
  70. lovetox all messages are lost
  71. lovetox thats a security feature, no one for example can decrypt your current messages if he finds a old db with keys from you
  72. lovetox forward secrecy its called
  73. lovetox it can still be good to backup the omemo db, because you keep your masterkey, and other contacts dont have to verify a new fingerprint
  74. lovetox but you cant decrypt messages with a backup that were written AFTER the backup
  75. lovetox and sessions probably get invalid and faulty at some point
  76. lovetox so you have to reset them
  77. jplitza Thanks for the explanation. I know about the principle of Forward Secrecy, but never cared to find out how exactly OMEMO accomplishes it (even though it proved my statement in the XMPP wiki wrong: https://wiki.xmpp.org/web/XMPP_E2E_Security#Multiple_resources )
  78. jplitza I think it would make sense to a) document this, and b) make it easier to reset the prekeys without losing the fingerprint verifications
  79. lovetox letting aside backup problems, this error you have, its caused by not fully initialize a session
  80. lovetox to fully initialize a session between 2 contacts
  81. lovetox Contact A has to pick a prekey of Contact B and send a message
  82. lovetox then Contact B has to answer to that message correctly
  83. lovetox after that the session is initialized and no prekeys are needed anymore
  84. lovetox so what happened here probably is
  85. lovetox Contact A picked a pre key and send a message to B
  86. lovetox then you made a backup from that point
  88. lovetox afterwards contact B sends you the answer and everything is fine
  89. lovetox until you replay the backup
  90. lovetox because now you send again the initial message with the prekey because you didnt receive an answer
  91. lovetox but B knows that this prekey was already used before and is invalid
  92. lovetox so it has the exception in the log
  93. lovetox invalid prekey
  94. lovetox so its true that omemo doesnt handle this case now good
  95. lovetox because from that point on the plugin doesnt do anything to resolve the situation
  96. lovetox i will try to implement this if i have time
  97. jplitza Mentioning that there is a problem would be a start ;)
  98. jplitza The exception only showed up at the console, there was no indication in the GUI that I received a message that could not be decrypted or something like that
  99. lovetox yeah though thats intended, if a client sends us invalid messages we dont want to inform the user normally.
  100. lovetox i think about a way to resolve this state and initialize a new session
  101. lovetox but its impossible to do this without some messages lost
  102. lovetox the plugin cant detect if the db is backedup or not
  103. lovetox and we dont get a notification from contact B that the prekey we used is invalid
  104. jplitza Well, it might make sense to split the "persistent" part of the DB from the "transient" part and only backup the former
  105. lovetox so this message is definitely lost
  106. lovetox yeah this would make sense, still a user has to know that he should not backup everything
  107. jplitza Where the permanent contains all fingerprint verifications and master keys, and the transient one all sessions and prekeys
  108. jplitza Yes, of course. But then recovering after a backup could be as simple as "delete that file"
  109. lovetox thats true, i could also just make a button
  110. lovetox that deletes all transient stuff from the db
  111. jplitza Probably simpler in the short term, yes
  112. lovetox i think i will do this, because now if you have many contacts with many fingerprints, you have to click a lot the delete button ^^
  113. jplitza And re-verify a lot of fingerprints
  114. lovetox true, i could also think about a way to retain the fingerprints, and just delete the sessions
  115. lovetox ... hmmm :)
  116. jplitza I can't get one of my two accounts to fetch the key of the other resource on that account :(
  117. lovetox did you try to restart gajim
  118. lovetox ?
  119. jplitza Yes, twice now
  120. jplitza Ah, now it worked
  121. jplitza Now the other account is missing the second resource key -_-
  122. jplitza So I trigger fetching of contact's keys by sending them a message. How do I trigger fetching my own keys? ^^
  123. lovetox same way
  124. lovetox should be fetched on a message to someone, doesnt matter who
  125. lovetox but i dont think the window pops up on own fingerprints