OpenKeychain integration

Have you considered the possibility of integrating delta.chat in openkeychain.org?

yes, we’ve considered it, but one issue is that OpenKeychain is available for Android only while Delta Chat is multi-platform (and we did not want a different PGP solution on every platform).

however, we’re in close contact with the authors of OpenKeychain as well as with K-9 and there is some cooperation, e.g. Autocrypt and also the QR code verification (labs feature in Delta) is compatible between Delta Chat and K-9.

That’s true, I didn’t realize that.

Excellent work, thanks!

OpenKeychain integration would be really nice, as users could continue to manage their keys from within one place. Moreover, it would give users more possibilities, as OpenKeychain has more powerful PGP features than Delta Chat. Users could use their key for more aliases or use e.g. a Nitrokey. And as this would give a benefit to users who use other e-mail clients aside from Delta Chat, this is clearly in Delta Chat’s scope, as its goal is not to interfere with the users’ current e-mail setup.

(However, please don’t lose the focus on being user-friendly, you do great work in this regard! Thanks, by the way.)

Edit: So, please don’t drop the current PGP implementation, as doing so would probably really harm the UX for those who don’t use PGP/OpenKeychain in the first place.

While I get the point of not wanting multiple PGP solutions, I for example use the same email account for Delta Chat as I use with K-9 and mutt (on my desktop).

In this case, the options are:

  • export Delta Chat key, add it as a subkey (gpg and OpenKeychain) and publish pubkey on keyservers
  • export key from gpg without encryption and password and import it to Delta Chat
  • don’t use encryption at all

I don’t like any of the above options, but I still went with the second one, because it’s the only one which allows me to read emails encrypted with the key people already have and use.

Btw, I stopped using delta.chat because of that and some other inconveniences nobody cares about.

@anon96500352 hi, we care, but there are too many things to do; also please report the other inconveniences in new posts/threads

Any progress in implementing OpenKeychain support? It’s an excellent solution to this problem and the lack of robust, secure key handling is the primary reason why I can’t use the project.

Any progress in implementing OpenKeychain support?

OpenKeychain is stale, see e.g. their GitHub repo: “WARNING: This software is no longer actively developed” - and also activity and updates underline that. apart from that, as outlined above, OpenKeychain was never a good match for Delta Chat, e.g. because Delta Chat is multi-platform and aims to target non-nerds with no ideas about keys

secure key handling is the primary reason why I can’t use the project.

there is good news:

Delta Chat has robust, secure key handling as well; there were several recent security audits and analyses, see FAQ - Security Audits

Oh, bummer about Open Keychain. I hope the project gets picked up. There is no alternative, alas. The 2024-03-05 release still works fine, phew!

A critical, absolutely essential feature of PGP is persistent, long-lived, never-changing-except-if-compromised keys that you keep active for decades so people know it is actually your key and not some MITM attack. The only way that works is if you can import a password protected key into the app and securely decrypt it when active and securely decrypt it when not. This is a capability that OpenKeychain provides to various mail applications like K9 or FairEmail in a robust and user-friendly manner.

It is unfortunate that the 17% of users that value a desirable logo over utility so cripple security for the other 83% of us.

As for non-nerds… I’d be curious what the user cohort looks like in terms of IT experience. Given that your target would seem to be limited to people who can manage their own email server, are you sure that “non-nerds” is the best target demographic?

I used Delta Chat and even evangelized it among the users I know that are comfortable with GPG (making profuse apologies for the key handling) until the app started deleting non-delta chat mail from my server and it was a multi-day scramble to recover from various offline IMAP stores. I’ve been wary ever since, to be honest (once burned and all that).

Still, if I could securely use my key, the one people already know and trust with Delta Chat, whether through Open Keychain or an integrated, password protected key management facility, I’d take a chance again, but maybe that’s just me.

Having a single key that you use for everything and copying it to all devices is not necessarily the most secure way to manage your keys. An alternative is to let Delta Chat create a “chat key” and then publish a certification using your “root key” to say that you also have this “chat key”. This way you can manage your “root key” in OpenKeychain or better on a non-mobile device.

Don’t know what you are talking about here.

Most Delta Chat users are not people who manage their own email server. I don’t even think it was ever the case.

Delta Chat deletes messages from the server if you enable the setting to delete messages from the server (delete_server_after internally). If you enable the setting and Delta Chat displays the message, it may delete it. There are of course corner cases if you manage to confuse Delta Chat with virtual folders or create a new folder with the same UIDVALIDITY, but I’m not aware of any bugs that may have caused deletion of wrong messages; nobody reported anything similar. More likely it is an unclear description of what the setting means. We generally recommend using a separate mailbox for chatting rather than the folder. This way you can completely exclude the possibility of Delta Chat interfering with your non-chat email usage.

I agree, that is a real bummer. It is very handy to have a general purpose PGP app for Android. If anyone knows a better/maintained alternative on F-Droid, please let me know!

One of the reasons I still use OpenKeychain is to encrypt my Delta Chat backups, since Delta Chat doesn’t do this yet.

I agree, that is a real bummer. It is very handy to have a general purpose PGP app for Android. If anyone knows a better/maintained alternative on F-Droid, please let me know!

There seems to be some momentum around GoOpenPGP.

If Delta Chat enabled the (secure, not suicidal) use of persistent keys, like a typical email client, then you wouldn’t have to worry about this, they’d be sieved into the correct folder in your regular mail store and accessible following your mail client’s rules.

Sure, that’s one way of doing it. I’d rather use my primary key so people can look it up on a key server or by WKD by my email address, the same address associated with my delta chat ID, and verify by reference that it is most likely my key. I understand that is A use modality, not THE use modality.

oh just being snarky about iOS users, a tiny minority in the global scale with outsize influence on the development of tools. iOS users make me sad.

It isn’t meaningfully “decentralized” if you expect users to default to Gmail or the default mail provider. It is decentralized and secure when I can use my IMAP server on my hardware sitting in my premises. Delta Chat makes that easy, much easier than running your own Signal server anyway, and that’s really awesome and something I’ve wanted since the mid 00’s. Plus I really like that the chat is accessible in my primary mail store and gets all the cool bonus utility that comes with that standard and standards compliance while still being useful as a typical low-friction, low intellectual effort communication modality. It is great that, assuming my use concept is doable, even when Delta Chat goes the way of Yahoo Messenger, my messages will still be accessible to me, even 30 years from now, because they’re in my IMAP store encrypted with my public key that’s on my keyring.

Delta Chat should never, ever, ever, ever delete a message off the server without per message, explicit consent. Ever. Like EVER. No. Bad app. If that isn’t an absolute, unchangeable, fundamental philosophy, nobody should connect delta chat to their archival mail store (which is for most of us, our only mail store, though that may well be our personal issue and inconsistent with Delta Chat’s intended use). That’s a literally catastrophic failure.

I do appreciate the candor in the continuing cavalier embrace of “corner cases” that could confuse the app and result in silent, irreversible destruction of critical data. I would suggest being clear about that as a design decision so that people might take more care than I did in 2022 in connecting Delta Chat to my primary mail store.

BTW, I think I managed to recover all the messages Delta Chat deleted, but I’ll never be 100% sure.

OpenKeychain is not actively developed anymore.
So I think it’s not a good idea to implement support.

Yah, I did not know it was abandoned, that sucks. Projects that rely on it are scrambling, as is the way with dependencies. There are rumors that the dev was considering converting it to a maintainable library, but that seems dead too. I mentioned earlier the protonmail library which is being actively considered by many and, so far, incorporated into two (?). That seems like a bit heavier lift, though if it were me, I’d put it on the timeline for serious evaluation as I’d also put secure handling of password protected keys (with all the overhead that entails) on the timeline of core features as well.

I do realize my use case does not appear to be the focus of the project and so it is entirely understandable that such features be considered non-core.

I’d ask that the project consider a use case where security needs are “real” - like crossing borders and being targeted for “special screening” or being caught up in some mass data request of a large provider of some competing centralized service such as Signal where a single data request to Google or AWS could be sufficient to reconstruct the traffic patterns of all the service’s users as well as their real identities.

Delta Chat, running on a diversity of mail servers, individually maintained and physically located on private property, connected via a diversity of ISPs, would be highly resistant to such mass-sweeps. Providing affordance for standard key handling enables the convenient and powerful features of standard, widely shared, verifiable public keys which may be critical in a hypothetical environment where, say, activists are being targeted for monitoring and infiltration.

It is A use case, not THE use case. If that use case can be supported, I’ll be an enthusiastic advocate of Delta Chat.

Thanks, I will have to keep an eye out for this when it becomes viable! Until then I am assuming that OpenKeychain generally has good longevity and there’s no reason to ditch it unless there are new vulnerabilities discovered.

There’s definitely more than two server options. Delta Chat currently lists dozens of compatible email providers and half a dozen chatmail servers on their website, and there are several more unlisted public servers. It’s common for “decentralized” platforms from Matrix to Delta Chat to have far more users than servers. But I agree there is room for improvement, and I assume decentralization will increase as more and more chatmail servers prove their stability, however chatmail is still in its early days.

By the way, Delta Chat has now removed manual key management and is discouraging the use of custom keys. In case you didn’t already see it, you might be interested to read this GitHub issue and this forum thread which discuss the motivation for the change and suggest directly editing the SQLite database for people who need to use their own keys.

Thanks for the details, time flies, the project moves on. I’m a bit sad - it came so close to being useful for me and so close to what I outlined back in the 90s, but the whole “we did a focus group and people didn’t understand keys” thing seems destined to be a terminal albatross around the neck of the community for years to come.

The open source community supporting email is so thin on the ground these days, I have little hope of an “advanced user” version of Delta Chat getting enough traction to survive, though the relatively trivial steps needed to handle key insertion certainly hint at the possibility of developing a simple auxiliary app for real key management (the trivial steps needed to extract a private key are rather terrifying).

I checked the FAQ at FAQ - Delta Chat and it still talks about importing keys and still advises removing password protection if needed.

Removing the import facility will address the murdered activist bug in the current advice to remove password protection to enable importing of a key - A usable idea for PGP keys with a passphrase - #14 by gessel - not the solution I was hoping for but better than leaving the current advice in place.

The new(ish) integration in Thunderbird seems to be novice usable without completely crippling GPG’s utility and might be a model UI for an auxiliary app, though it seems like it would have to flush the keys out of the database in the same way that OpenKeychain does out of memory lest an adversary also discover how trivial it is to export a private key from Delta Chat. A “DeltaSecure” app seems, at least superficially, a tractable solution. Side project…

I just looked at the FAQ and didn’t see this, so either I missed it or they’ve already updated the FAQ. (It would be helpful if the FAQ told you when it was last updated, but unfortunately it doesn’t say this.)

There has been some discussion about encrypting the local database but I’m not sure if there is progress being made in that area or where that sits on the roadmap.

the bad FAQ entry is only in “Norwegian Bokmål”; that translation is no longer maintained and was unlinked, but obviously the files were not deleted. we’ll do that now

@gessel how did you find delta.chat/nb/ ? – to me it looks like it is linked nowhere and there are no automatic redirects – of course, it might be an old bookmark