Sending public key to non-Delta-Chat users [.asc file attachment]

Hi all!

First of all, I really love this project. Keep up the good work!

TL;DR: It would be great if the attachment menu would include a button to send one’s public key as an .asc-file to someone.

I’ve been using DC for about a year now and have a couple of contacts with whom I regularly use it. However, I do have many contacts that do not use DC, but with whom I communicate via PGP encrypted email. Exchanging keys with them (in particular if the recipient has a setup that is incompatible with autocrypt) is quite a hassle - but possible.

This topic has come up many times before.

Reading the following two threads, I found out that I can import my contacts’ public keys using VCards:

In order to send my public key to my contacts, I used to export it (Settings → Advanced) in the desktop app and then send it as a file. Unfortunately, this feature has been removed:

It is still possible to extract the public key in binary format from the sqlite database and to use gpg to convert it to an .asc-file:

I also tried extracting the key from my own VCard, but unfortunately to no avail. If anybody knows how to extract a PGP key from a VCard generated by Delta Chat, please let me know.

In general, this procedure does seem too complicated though and I think that one of the great selling points of DC is its interoperability. Manual key exchanges are possible already and do not have any security drawbacks (quite the opposite I would argue). For users of the mobile DC apps, performing a key exchange like this requires a significant amount of effort and technical skills that cannot be expected from every user. Adding a feature to the user interface (in desktop and mobile apps) that would allow one to send one’s public key as an .asc-file to someone would greatly improve DC’s interoperability and usability for everyone.

I would suggest to include an item in the attachment menu (the paper clip symbol) that allows one to send - apart from photos, contacts or files - one’s public key. If there is some concern that this might confuse users, it could of course also be hidden somewhere else or only be visible when explicitly being activated in the settings.

I would love to hear what others think about this!

Gregor

1 Like

Why not just attach your own contact (vcard) to the message from the menu? Your peer is already expected to be able to parse it. The key property contains a binary pgp file encoded as base64, so it’d also be possible to convert it to .asc if you need it for some reason.

1 Like

Thank you for your answer!

Yes, that’s exactly what I was trying to do, but it does not seem to work. Maybe I’m doing something wrong. I’ve been trying to import the VCard directly to Protonmail, but they did not recognise the key. That might of course be an issue on their side, so I tried to extract the key from the VCard.

This is what I tried:

In my VCard I have a line looking like this:

KEY:data:application/pgp-keys;base64\,xjMEaF1...bF1Bw==

If I understand it correctly, the xjMEaF1...bF1Bw== part is the binary PGP key encoded as base64, so I decode it as follows:

echo "xjMEaF1...bF1Bw==" | base64 -d > key.bin

However, trying to import it with gpg --import key.bin fails with the following output:

gpg: mpi larger than indicated length (256 bits)
gpg: read_block: read error: Invalid packet
gpg: import from 'key.bin' failed: Invalid keyring
gpg: Total number processed: 0

Importing the key that I copied from the sqlite database with gpg --import key-from-db.bin on the other hand succeeds.

Where am I going wrong?

Also, while I am interested in knowing where I went wrong, I cannot expect other people to go through all this trouble to import my key. Importing PGP keys from VCards is not widely supported and it would help less technically inclined people to set up end-to-end encryption if one could just send the public key as an .asc-file.
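The steps discussed in this thread (locating the KEY property in a Delta Chat vCard, decoding its base64 data: URI, and turning the binary key into an .asc file, which is also the last step of the sqlite-based route in the opening post) can be done in one small script. The following is an added example written for this page; it is not code from the thread and not part of Delta Chat. All function names are mine, the vCard and the key bytes inside it are constructed placeholders rather than a real key, and the only assumptions about the format are the vCard line folding/escaping rules and the OpenPGP packet-header and ASCII-armor layout from RFC 4880. It also refuses a payload whose base64 length is not a multiple of 4, which is exactly what a single character lost in copy/paste produces.

```python
import base64
import binascii
import re

CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 used in the OpenPGP armor trailer (RFC 4880, section 6.1)."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def unfold_vcard(text: str) -> list[str]:
    """Join folded vCard lines: a line starting with space/tab continues the previous one."""
    lines: list[str] = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


_KEY_LINE = re.compile(r"^KEY(?:;[^:]*)?:(.*)$", re.IGNORECASE)


def extract_key_base64(vcard_text: str) -> str:
    """Return the base64 payload of the first KEY property that carries a data: URI."""
    for line in unfold_vcard(vcard_text):
        match = _KEY_LINE.match(line)
        if not match:
            continue
        value = match.group(1).replace("\\,", ",").replace("\\;", ";")  # vCard escaping
        if not value.lower().startswith("data:"):
            continue  # e.g. a KEY property holding a URL instead of inline data
        head, sep, payload = value.partition(",")
        if sep != "," or not head.lower().endswith(";base64"):
            raise ValueError("KEY data URI is not base64-encoded")
        if "application/pgp-keys" not in head.lower():
            raise ValueError(f"unexpected media type in KEY property: {head}")
        return "".join(payload.split())
    raise ValueError("no KEY property with a data: URI found")


def decode_key_bytes(b64: str) -> bytes:
    """Decode the payload and check that it starts with an OpenPGP Public-Key packet."""
    if len(b64) % 4:
        raise ValueError(f"base64 length {len(b64)} is not a multiple of 4; a character was probably lost")
    try:
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"invalid base64 in KEY property: {exc}") from exc
    if not raw or not raw[0] & 0x80:
        raise ValueError("data does not start with an OpenPGP packet header")
    # New-format header (bit 6 set) keeps the tag in the low 6 bits, old-format in bits 2..5; tag 6 = Public-Key.
    tag = raw[0] & 0x3F if raw[0] & 0x40 else (raw[0] >> 2) & 0x0F
    if tag != 6:
        raise ValueError(f"first packet has tag {tag}, expected 6 (Public-Key)")
    return raw


def armor_public_key(raw: bytes) -> str:
    """Wrap binary OpenPGP data in an ASCII-armored public key block (.asc contents)."""
    body = base64.b64encode(raw).decode("ascii")
    data_lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    crc_line = "=" + base64.b64encode(crc24(raw).to_bytes(3, "big")).decode("ascii")
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", ""] + data_lines
                     + [crc_line, "-----END PGP PUBLIC KEY BLOCK-----", ""])


def dearmor_public_key(asc: str) -> bytes:
    """Reverse armor_public_key and verify the CRC-24 trailer; used as a self-check."""
    lines = asc.splitlines()
    payload = [ln for ln in lines[lines.index("") + 1:] if ln and not ln.startswith("-----")]
    raw = base64.b64decode("".join(ln for ln in payload if not ln.startswith("=")), validate=True)
    for crc_line in (ln for ln in payload if ln.startswith("=")):
        if int.from_bytes(base64.b64decode(crc_line[1:]), "big") != crc24(raw):
            raise ValueError("armor CRC-24 mismatch")
    return raw


def vcard_to_asc(vcard_text: str) -> str:
    return armor_public_key(decode_key_bytes(extract_key_base64(vcard_text)))


# Constructed sample (not a real key): a new-format Public-Key packet header
# (0xC6), a 51-byte body length, version byte 4, then filler bytes.
SAMPLE_KEY_BYTES = b"\xc6\x33\x04" + bytes(range(50))
_key_line = "KEY:data:application/pgp-keys;base64\\," + base64.b64encode(SAMPLE_KEY_BYTES).decode("ascii")
# Fold the long property line at 75 characters, as vCard writers do.
SAMPLE_VCARD = ("BEGIN:VCARD\r\nVERSION:4.0\r\nFN:Example Contact\r\n"
                + _key_line[:75] + "\r\n " + _key_line[75:] + "\r\nEND:VCARD\r\n")

if __name__ == "__main__":
    print(vcard_to_asc(SAMPLE_VCARD))
```

Running the script prints the armored block; redirecting it to a file gives an .asc that gpg --import accepts, provided the vCard carried an intact key. The same armor_public_key function applies to the binary key pulled from the sqlite database in the opening post, so the gpg conversion step there can be replaced by it as well. The length and packet-tag checks are the part worth keeping around: gpg's "mpi larger than indicated length" and "Invalid packet" errors are what a corrupted payload looks like after the fact, whereas these checks name the problem before anything is imported.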

I don’t know how to help you without seeing more concrete data, because the way you detail works perfectly for me. You may want to also try with gpg --dry-run --import -v -v -v key.bin. Are you using an up-to-date version of gpg? You may try the same command with a fresh OS user to rule out that your keyring is in error.

It would also be feasible to implement a webxdc app to convert a vCard to an asc file, similar to the already existing converter from asc to vCard.

1 Like

Ooh wait. I missed one character when copy/pasting the base64 encoded key. It does work. Great! Sorry for the confusion. :see_no_evil_monkey:

However, I still think it would be a useful and desirable feature to have if one could send keys in .asc-format (and ideally receive and process them directly within DC as well). My concern that importing public keys from VCards and exporting them into VCards is not widely supported by other email providers and email clients still stands.

Using webxdc apps to handle this seems to be more of a workaround and there might be reasons that some people do not want to enable webxdc apps at all, but still want to be able to set up end-to-end encryption with non-DC contacts.

1 Like

Protonmail already supports importing contacts from vcards. You may want to open a feature proposal for them to also support the existing key property in the standard.

1 Like

Yes, I will certainly do that separately as well. It would be great if they would support that. Exporting a contact as a VCard from Protonmail already includes the key and DC is able to import it. :+1:

This feature request is not only about Protonmail though. There are many other email providers that support PGP in their web apps, but that do not handle VCards. In the interest of interoperability it would be good to keep the people using those providers in mind as well.