Currently, it is only possible to get someones public key into DeltaChat if the person uses an AutoCrypt-capable MUA (i.e. DeltaChat). If there was an option to not only import private, but also public keys, wouldn’t that enable DeltaChat-users to communicate encrypted with non-Autocrypt-users in one to one chats?
A great deal of Delta-Chat users care about encryption. Therefore, a good quantity of them have been encrypting before and might even already went through the pain of importing the public keys of their corespondents and verifying their fingerprints and all that.
A big advantage of DC over other messenger I see is that it is not exclusive. What I mean is that one is not forced to use DC in order to communicate with DC-users. But this is broken when one wants to communicate encrypted: The non-DC user may need to install another mail-client or plugins into their thunderbird, which I think is no good UX.
Add compatibility for 3rd-party key-storage?
This had been brought up before (for slightly different reasons): Using third-party key management (at least on android/mobile). Being able to optionally(!) use a 3rd party key-storage like a gpg-keyring on desktops or OpenKeyChain on Android would solve above problem, plus it would remove the necessity of importing and exporting keys. Just check the box and everything works.
I would consider myself a user of GPG encryption prior to using DeltaChat and familiar with setting up keys, encrypting files and emails, etc.
I find the ease of use of DeltaChat to be excellent and agree with the principles of AutoCrypt in general. I could see corner cases for users like me who would like to import known public keys they have exchanged with contacts prior to using DeltaChat, knowing that these contacts don’t use AutoCrypt enabled clients or assuming they don’t.
I have no suggestions to make regarding the technical solutions. I would favor a cross-platform solution.
Another corner case I would like to propose for contideration outside of AutoCrypt regular usage:
There is a short list of known secure email providers that use GPG to secure communications between their subscribers. I suppose they might have registries of public keys for each subscribers. Would it make sense, for those know service providers only (since most have not implemented AutoCrypt) to fetch public keys for each contact that use them, prior to sending them a series of message?
I definitively also fall in this category of users.
I can see my own encrypted messages sent from my other MUA, with the padlock, but I can’t read their responses on Delta Chat if they don’t have autocrypt headers.
In the contact setting for a particular person would be a great place to have an “import public key” option.
I was like “wow, Delta Chat removes all the hassle, I can just respond” and then I put my public key on my contact page. Then removed it right away when I remembered that I can’t just respond. I would need their key, too.
Supporting this, had some talks with @cyBerta@link2xt@nami and @r10s about this. We all want this, including an option to attach our own public key as an attachment. There’s still some open questions, if i remember it correctly they were:
how is the state handled internally. We currently already have I think 3 priorities of keys, gossip keys, autocrypt header keys and verified keys. Somehow attached/manually loaded keys need to be put in to one of those categories, or opening a fourth.
what happens if we receive a different autocrypt/gossip later after we manually imported a public key? Simply overloading has security implications, completely blocking it could render the chat unusable if the contact switched to deltachat/changed their key.
This ties in to the general problems of mitm/key-“updating”. I don’t think it’s wrong to alert me that the person I’m talking to changed their key, so I can verify (maybe out of band) that they did. “Oh, new phone, don’t worry” they could say and that’d be fine. It’s scary to think of the implications of “trust on every use”.
To comment on the question more specifically; if someone has a PGP key on their website it could be a “legacy” key from before they started using autocrypt, and maybe they want their new hot autocrypt key instead. OTOH those legacy keys are probably much bigger & harder to crack than the short li’l keys Delta Chat uses by default?
What happens if the contact has lost the key and cannot decrypt the messages anymore? Currently there is always an automatic fallback, you can always chat in a 1:1 chat, without encryption in the worst case. If we pin the key manually, there should be some conditions to unpin it.
There is currently a plan to add verified 1:1 chats, once this feature is finished maybe adding a public key manually can be treated the same as verifying it, but there are still open questions on how to treat unencrypted messages and key changes.
What happens if the contact has lost the key and cannot decrypt the messages anymore?
People who use manual keys are ususally a li’l more responsible with them than us ditzy folks who have to use Autocrypt, but you’re right that it needs to be possible to change or remove keys for a contact. Keys also ususally expire at a particular date.
(Big picture having a double-ratchet / forward secrecy scheme for email would be wonderful but that’d be a whole other thread.)
I have a ton of people just using regular PGP, and Delta Chat decrypts from them which is great, but I can’t reply (and if I do, which happens often, I accidentally send unencryptedly to them). Importing PGP (maybe warning if their keys are weak & old) for these non-autocrypt stragglers would be wonderful.
ouch! that you accidentally sent unencrypted sounds bad, I wonder if with protected chats this issue will be solved for you, I guess no since you will not have a way to verify your contacts since they don’t use delta chat, unless an option to “verify manually adding key” is added
If they write back saying “dammit Sandra take off the tinfoil hat for three seconds, I lost my key in one of my many drunken stupors, I can’t read what you’re sending” there should be a button to manually remove the imported key from my contact-specific settings for them.
After having used PGP heavily for the past three years (I get hundreds of encrypted messages every week) this has not happened yet, but that should be the out.