Are you planning to encrypt backups? They are now stored in the archives.tar is completely open, you can go in and view all the contents. In the same Threema, I remember saving a backup copy.zip with AES-256 adhesion. Convenient and practical. I don’t know now, I’ve completely switched to DeltaChat and am slowly pulling up the rest.
Core already has the ability to encrypt the database. dc_imex function (see Delta Chat Core C Interface: dc_context_t Class Reference) accepts passphrase as a second parameter. Blobs, however, are not encrypted. Encrypting at least the database is a matter of changing the UI to generate passphrase and pass it as dc_imex parameter. Similar for the Desktop and JSON-RPC API: RawClient | @deltachat/jsonrpc-client
Just looked at how Signal does it today: it has a continuous-backup and generates a 36-digit passphrase just like Autocrypt Level 1: Enabling encryption, avoiding annoyances — Autocrypt 1.1.0 documentation for transferring keys which DC already supports on all platforms. So i think it’s best to re-use and adapt these UI passphrase-generation + typing dialogues and get a core API to encrypt/decrypt the whole backup file.
Generating an encrypted backup means you get a standard tar-file which can be decrypted with some standard algorithm. The tar-file contains a sqlite-database and a lot of attachments (pictures, media, avatars etc.). There is nothing that causes a dependency on Delta Chat, apart from the backup file exposing database tables specific to Delta Chat … but then again, any novice database programmer can make use of it.
The other jumps of yours (finance systems, morals, crime, terror prevention …) appear rather off-topic but maybe that’s because you see it all connected to “encryption” which you repeatedly took offense with. Let me just say this: the internet is a weird place. It is unlike anything we experience when without any electronic devices. Encryption plays a key role to not give arbitrary mediators dictatorial powers over our lives. It is not the village’s eldest or the head of your monastry that gets power, but various governments, be it the US government, the russian government or Mr. Brin, Mr. Zuckerberg, Mr. Musk, Mr. Putin, Mrs. Van-der-Leyen, Mr. Ping, Mr. Ayatolah etc. …
… whereas e2e-encryption is a fundamental technique that allows to choose which village or monastry we want to temporarily belong to and engage with without the interference of all these weird billionaire and government personas. This may sound anarchist to you and i probably won’t fully disagree. But i’ve been in the IT game for 3+ decades now, saw a lot of what is called past and ongoing #enshittification , and indeed think end-to-end encryption is a key technique to evolve and defend against dictatorial currents of all sorts.
As to your deletion-request i asked you in 1:1 for confirmation if you want to get all posts deleted which will garble the history of this support forum. We’ll do it if that’s what you want.
In any case, please take good care of yourself.
1 Like