[jitsi-dev] using fingerprints instead of public keys for remote contacts


#1

Hey all,

I'm a developer with the Guardian Project working on making it possible to sync crypto identities across different apps and protocols. Right now I'm focusing on OTR. We also have an Android app called Gibberbot which is an XMPP/OTR app also based on otr4j. We are working on an easy to use app called OTR File Converter:
https://github.com/guardianproject/otrfileconverter

Right now, otrfileconverter can read adium, gibberbot, irssi, jitsi, and pidgin, and can write out all of the other formats. Writing out to Jitsi is not possible because jitsi/otr4j stores the whole public key of remote contacts and uses that for verifying whether a contact's key has been seen before and whether its verified. libotr-based apps like Pidgin and Adium only store the fingerprint of the remote public key. So that means its currently not possible to convert a libotr otr.fingerprints file to a file that Jitsi can use since you cannot generate the public key when you only have the fingerprint.

You can see how it was done in Gibberbot here:
https://github.com/guardianproject/Gibberbot/issues/111

This is the property in question:

net.java.sip.communicator.plugin.otr.gptest_limun_org_publicKey=MIIBtzCCASwGByqGSM44BAEwggEfAoGBALIPbK26FdYo6GFYYJn5wY5oyCLTwC4htXt0ZNWmZL9A5utF8ZMenNPgmIkL8uCWYt++K1MMvej/HVQjM8At/qqQSpcMKadAP5MosrxtjqYjPkhLTpso1juDyx/BPf30k9gN7kq1Ld3DwZrJFEwW5GtJEyfAnmiK5YK5+NVuJxorAhUA6rT+37LAMxMSBOrd/Z76IbUNCukCgYEArsRZ5Hn0p1BnJWfjtp80YaVEgCIlgOq/FNoNUg6w9tenSyKHpaRijI+Wb7XSrXfAn0BTudCPoAG6FnyhjMBRd7hk/i7tjHWcRHXiprQoS2uwosuFbr1FuymeMHCfCdJgZyzIUOChKtjFB7NAgDd+nA5AGj+EsHg+qHESsdvamwoDgYQAAoGAKanej9Jm8ZGIJGs0thP0cX3xBs2LIXnGnPQXIZaw/VYtuzBpQouTFcgZdYo8vwl3p7IFRgDENVTfEq/klv73nfWhQwDj9fKg4m6Ou1dqUr1COSlxjU6mib1GoCG82Wpbro+D6cD/Rr5jvgI5pfwe6QGqVuLpjkzafQaVcOW8NhU\=

The gibberbot version of this is:

gptest@limun.org.FF66E8C909C4DEB51CBD4A02B9E6AF4D6AF215F8.publicKey.verified=true

But perhaps it would fit the Jitsi prop key style more to do something like:

net.java.sip.communicator.plugin.otr.gptest_limun_org_fingerprint=FF66E8C909C4DEB51CBD4A02B9E6AF4D6AF215F8

.hc