#21 Problem with loading keys from file?

closed-duplicate
None
3
2003-09-23
2003-09-08
No

Does gaim-encrypt negotiate for a new key to be
transferred even though we already have the key?

Here's the output from a single conversation window,
when I do the following:
1) I turn encryption on.
2) I send a message.

I see the following in the converation window;
(18:10:51) Requesting key...
(18:10:51) YYYY: schmoocrypt

The key of this user is present in
~/.gaim/known_keys.

When the receiver is offline, it will simply halt at
"Requesting key...", so there seems to be an attempt
to negotiate a new key from him even though we
already have the key on file.

The key 'lookup' is done for the proper ICQ # and not
for an alias.

I've attached a file with the output of 'gaim -d'
corresponding to this message. Hope it's helpful.

The ICQ # of the sender (me) has been replaced by
YYYY and the receiver with XXXX in the file.

Hope this helps,
Mats.

Discussion

  • Mats Uddenfeldt

    Mats Uddenfeldt - 2003-09-08

    Output from 'gaim -d'

     
  • Bill Tompkins

    Bill Tompkins - 2003-09-23

    Logged In: YES
    user_id=21203

    It isn't possible to send an offline message with the
    security guarantees that Gaim-Encryption provides. An
    attacker could intercept the message and replay it later, if
    there is no negotiation between the two ends. I'd suggest
    either email, for offline messages, or a buddy pounce that
    auto-sends an encrypted message (while the latter should be
    possible, I haven't tried it- I don't know how or whether
    the plugin will deal with an auto-sent message)

    -Bill

     
  • Bill Tompkins

    Bill Tompkins - 2003-09-23
    • priority: 5 --> 3
    • assigned_to: nobody --> obobo
    • status: open --> closed-duplicate
     

Log in to post a comment.