What entails prefer e2e encryption?

settings -> autocrypt -> prefer end to end encryption

Which is the effect of marking prefer end to end encryption? If encryption
has been established, then what happens if the receiver deletes you
as a contact or deletes delta chat from his computer? Are your emails then sent in
clear text?
I do not want that. I want enforced encryption. Either messages must
be sent encrypted or not sent. Thank you.

You can only encrypt if you have the public key of your recipient.
There are already feature proposals on this forum regarding showing if a message will be encrypted to the user. If you want to always encrypt you can make a verified group.

So prefer end to end encryption means encryption will take place if the required keys are
available? If not then the message will be send in clear text?

If so that is unacceptable. If encryption is important then you cannot
have that the messenger program decides if a message gets encrypted and not the
sender of the message.

Under settings -> autocrypt
the menu should have 3 options.
1 no encryption.
2 prefer end to end encryption.
3 force encryption

The latter resulting in a message only getting send if
it is encrypted.

normal chats will always be sort of opportunistic. this is because users can answer with their normal mail agents - eg. if you forgot your phone with the normally used Delta Chat at home, you can still use Gmail as a fallback. encryption shall not stand in the way of communication here, see https://tools.ietf.org/html/rfc7435.html#section-1.2 for more detailed information about the reasonings.

however, as @Simon pointed out, in Delta Chat, there is more than just Autocrypt. there are Verified Groups that enforce encryption.

and Verified Groups even protect against active attacks by default (mitm, machine in the middle) - this is not even the case for most messengers advertised as being “secure” :wink:

And as additional information:

You can create a verified group with only two members.
So it’s a secure 1 to 1 chat.

Gmail as a fallback.

Or you can refrain from sending a message, because you have decided the
message you want to send must be encrypted.

https://tools.ietf.org/html/rfc7435.html#section-1.2

The reasoning in the paper has its place. But it limits when you can use delta chat. If
you have decided a message must be encrypted else you
will not send it, delta chat has ruled itself out, because of the prefer end to end
encryption approach.

Let the delta chat user make the decision on encryption by adding the
force encryption option.
Would it be technically difficult or resource demanding adding a force encryption
option in delta chat? If not it should get made. I do not agree on the argument,
people to not know about pgp keys. Therefore delta chat says, it will encrypt when
it can, but do not expect a message to be encrypted. It makes the number
of people who want to use delta chat smaller. I reject the argument, if not everybody understands
the implications of pgp keys, then nobody should have access to forced encryption in
delta chat.

Verified Groups

I am not sure I understand it. The problem about pgp keys is verifying the
fingerprints. Verified groups provides getting forced encryption? But is verified groups
more than a streamlined way of verifying the pgp keys’ fingerprints?
If person A and B exchanges their pgp fingerprints displayed in contact -> righclick ->
show encryption information in person, is that not as secure as
verified groups? About verifying pgp key fingerprints is a field where you can
set your own level of security. Do you demand that the fingerprints are
verified in person? Does it suffice if others can verify the pgp keys
fingerprints? Does it suffice if you read the fingerprints on a website or
get to watch them on videos? That is your decision.

Forcing encryption would imply that you can NOT send any message to people which keys you don’t have.
That’s not what you want, is it?
There is a feature proposal for showing whether a message will be encrypted before sending, I believe that is a much more realistic approach.

other related topics:

not what you want

My understanding is, the first message send cannot be encrypted because
in the first message person B receives A’s public pgp key. If prefer
end to end encryption is enabled, then B’s reply to A will be encrypted
because he has A’s public pgp key. Next message from A to B is also encrypted,
because A now has B’s public pgp key. Thereby establishing encryption
between A and B.

A and B does not know if an adversary has interfered. Therefore
A and B will have to come up with a way to verify the other person’s
fingerprint.

What I want is an option in settings -> autocrypt called force encryption such that
if selected every contact with whom encrypted messaging has been
established will only receive encrypted messages. Else the message
will not get send. If sending a message to a contact fails and
delta chat tells it failed because the message could not get encrypted,
then I would write the contact an email in order to find out why encryption
failed. It should be workable, because I expect that encryption in
general works.
In result, if encrypted messaging in delta chat has been established, then I do
not want to be able to send non encrypted messages to a contact. For
non end to end encrypted messaging I can use an email.

showing whether a message will be encrypted before sending

That would also do. But if encryption to a contact has been established and
at one point delta chat says, the next message will not be encrypted, then I would
want delta chat to display the notification in a big window you would
have to close before continuing.

1 Like

@gggvv I know the feeling, in my case it is totally the opposite, I would like to completely disable encryption and not send any key in my email or any other nonsense :wink:

but in your case, as others had pointed out, there is a solution for just what you want, just create a verified group with the person you want to encrypt permanently, this also verifies the contact which is a must, since yo seems to care about security it have no sense you encrypt if the contact isn’t verified, could be a “man in the middle” attack, so you just have to use verified group with that friend, any message you send in a verified group will be ALWAYS encrypted.

on the other hand, there are no way to disable encryption :stuck_out_tongue: :cry:

1 Like