Configure DC-Account through QR-Code

I would like to suggest that Deltachat apps should learn how to configure an account from a QR-code.

Email-providers could then generate QR-codes for their users (or admins could generate them for their organisational members, or group-techies for their allies), in order to make it even easier to get started with Deltachat.

As far as I know there is no (living) standard for encoding credentials in a string. I’m only aware of QR-codes that contain a URL to download a configuration profile (e.g. fastmail.com). But those are OS-specific, more complex and maybe not even well applicable?

So I think you would be free to invent your own scheme. But it might be easiest to just re-use the response format of mailadm?

(It might be useful to think about the extensibility of the scheme: I can e.g. imagine that organisations would like to include an email-address into the QR-code, which is used to open a chat with and compose a draft á la “I made it”, that only needs a tap to be sent. This way the sending admin could know who successfully set up their Deltachat app, and could then invite those people to a group.)

2 Likes

Thanks for bringing this up! With Bjoern and others had already discussions around this.
I’d avoid re-using the existing dcaccount burner-account format (it takes a URL) but rather design a specifc “account setup transferal” QR code, with few required and several optional fields (relating to the various config settings that delta chat internally has for an account):

  • required: mail-domain, username, password
  • optional: imap-server/smtp-server/ports/tls-policy/…

and it would be good to design it such that we can add more optional fields later (eg pre-shared SSL-cert fingerprint etc.). So we need a text format for specifying such config values. Maybe DKIM header=value format with header specified via single chars? I think it’s based on some MIME standard and we probably have the code for both directions already in core.

Note that it could be useful to transfer a secret PGP key in the QR code as well. This way one Delta Chat user could transfer a full account setup to another user’s DC device (or a second of their own). This is nice if multiple people want to operate a “functional” or “collective” account such as “support@…” or “press@…”.

1 Like

we should keep in mind the maximum size or qr codes
https://www.qrcode.com/en/about/version.html
depending on the error correction level the max size ranges from 1.273kB to 2.953kB (English comma).

might be worth looking into whether we could read them too for initial account config.

To “get around” the limited size, couldn’t you zip it and use the base64 encoder? :thinking:

Related: https://github.com/deltachat/deltachat-core-rust/issues/1233

2 Likes

Sure, i am aware of the size limits. ASCII version of a secret ED25519 PGP key is 400 bytes.
I don’t think we hit size limits for account-setup-transfer QR codes unless we want to include full-hd avatars into them :slight_smile:
Let’s not get lost in this optimization consideration – the real thing here is defining the format, introducing it into the core, and teaching the UX to show a localized message where users can say “yes” to.

base64 makes everything about a third bigger :wink:

1 Like

I would like to be able to see what config values are applied, possibly in a table behind an advanced button or sth like that. That would useful for debugging and when we have config qr codes that modify the account to increase security because then the user can look what exactly is being modified.

for simplicity over format complexity/size optimizations I would just use:

key=value
config_var=value2
...

instead of thinking of 1 letter aliases of the config keys, if we only support ED25519 keys we don’t have to worry about space that much (min. 870bytes free for more information, it utf-8 encoding that would be ~30 simple config vars or more)
If it turns out to be an issue in the future we could still define aliases and if required even use a binary format.

An exception would be when we would also store the key for an group that should be joined, then the space might get low on highest error correction.

I suggest to use a specific account-setup-transfer QR code UX and not a generic “modify any config values” one. The account-setup-transfer would have one localized high-level explanation and if a user accepts the action, will define/setup a whole account with whatever settings. Let’s assume a user that is less us but rather maybe the furthest-away-from-technical-details relative/friend you know.

1 Like

For providers offering AutoConfiguration an Aztec Code should be programmatically simple to derrive. You could similarly derrive the far inferior qr code matrix.