While trying to enable wildcard OpenPGP Key IDs, we have discovered incompatibility in core versions <1.160.0.
Key IDs are constructed as the hash of the key fingerprint truncated to 64 bits. They are normally transmitted in plaintext in OpenPGP messages so recipients can identify the PKESK (Public Key Encrypted Session Key) that is intended for them instead of trying to decrypt each PKESK. The disadvantage of this is that part of the key fingerprint is transmitted in plaintext. Because of this OpenPGP standard allows to replaces key ID with all zeros and use so-called “wildcard key ID”. This is a standard feature described in RFC 9580. Now obsolete RFC 4880 contains a similar sentence.
We have considered enabling it in the next releases, but discovered that existing clients using core <1.160.0 do not decrypt the messages with such anonymized key IDs.
Support for wildcard key IDs was added in rPGP 0.16.0 and we use rPGP 0.16.0 since core 1.160.0 released on 2025-06-22.
I have looked up the oldest versions that used at core >=1.160.0 according to the changelog:
- Delta Chat for Desktop used core 1.160.0 in version 1.60.0
- Delta Chat for Android used core 1.159.5 in version 1.58.4, then upgraded to core 2.8.0 in version 2.8.0, so the oldest compatible version is 2.8.0.
- Delta Chat for iOS used core 1.159.5 in version 1.58.6, then upgraded to core 2.8.0 in version 2.8.0, so the oldest compatible version is 2.8.0.
- For DeltaTouch the oldest compatible version is 2.9.0, using core 2.9.0.
(Delta Chat clients now try to synchronize version to the core version, this is why 2.x version numbers are the same for the clients and the core)
Many users update very rarely, especially on desktop operating systems, so if you are still using a version that does not support wildcard key IDs, you may want to check that all your devices are upgraded to avoid forgetting to do this later.
We have not released any core chat sends wildcard Key IDs yet and have postponed this change for now, likely at least until the beginning of 2026 to give users and bot developers time to upgrade.
One of the problems is that legacy Python bindings using in bots are at version 1.155.6. Most bots are now updated to use the new JSON-RPC bindings. We will likely release an update to the legacy Python bindings anyway so bot maintainers can just upgrade without switching to JSON-RPC, even though upgrading to JSON-RPC is preferred.