Difference between revisions of "Tech pages/OMEMO/Quickstart"

From XMPP WIKI
Jump to navigation Jump to search
(Add some explanatory blog posts)
Line 16: Line 16:


A good trust model to implement is [https://gultsch.de/trust.html|Blind Trust Before Verification (BTBV)]
A good trust model to implement is [https://gultsch.de/trust.html|Blind Trust Before Verification (BTBV)]
===Further Reading / Background===
Some explanatory articles about the encryption behind the OMEMO protocol can be found below:
* [https://blog.jabberhead.tk/2019/04/04/shaking-hands-with-omemo-x3dh/|Shaking Hands With OMEMO - About the X3DH Handshake]
* [https://blog.jabberhead.tk/2019/04/15/closer-look-at-the-double-ratchet/| Closer Look at the Double Ratchet]
Some hints about possible pitfalls:
* [https://blog.jabberhead.tk/2019/12/13/pitfalls-for-omemo-implementations-part-1-inactive-devices/|Pitfalls for OMEMO Implementations - Part 1: Inactive Devices]

Revision as of 16:34, 13 December 2019

This is a short tutorial on how to get started with OMEMO. This is not to replace the XEP but to extend it and give you some clear steps to follow instead of a having to read through a formal specification.

Step-by-Step

  1. Add eu.siacs.conversations.axolotl.devicelist+notify to your disco features. That will subscribe you to the device list updates of your contacts.
  2. On every login publish your bundle information. (Your publickey and pre keys.) Keep the used device id consistent. You have to republish this because you don't know if the server was restarted or might have otherwise lost the information.
  3. After publishing the information and getting an IQ-result back retrieve your own devicelist. (You might also get this automatically due to the subscription in step one but that might fail if you don't have one yet. Retrieving the list manually makes you know for sure.) If the device list does not contain your own device id publish the device list with your device id added. (Also deduplicate device ids in the list just for good measure and to counter act potential errors in other implementations)
  4. Since you subscribed to the device list you will now be receiving device ids from your contacts. Save the jid-device id tuples for later use. Each tuple will have an active flag. If a device id is no longer in the list you set it to inactive. If it re-appears later you set it to active again.
  5. Treat the device ids of your other devices the same.
  6. Due to bugs (or weird behaviour) in ejabberd you might not always get the device list from offline contacts. So before login you should restore the tuples from your own database. But incoming PEP events will always override the database. The restore from your database is only to have a fallback in case you don't get the PEP list.
  7. When you first write a message to someone look up all active device tuples and create sessions with them by retrieving the corresponding bundles. (Explicitly query the nodes eu.siacs.conversations.bundles:$id.)
  8. On subsequent messages you have to check if you already have sessions for all device tuples and only query the bundle for missing sessions.
  9. Retrieving a message from a device id will set that device id to active again.

Trust

Every session has a fingerprint. (The identity key) Offer the user the abiltiy to decide wether to trust each fingerprint. You only send messages to trusted fingerprints where the device id is active. If there are no trusted fingerprints display a dialog offering the user to trust them. If there are new fingerprints (from new devices) offer the user to trust them. So essentially every jid-deviceid-fingerprint tuple has two values (inactive/active and undecided/trusted/untrusted)

A good trust model to implement is Trust Before Verification (BTBV)

Further Reading / Background

Some explanatory articles about the encryption behind the OMEMO protocol can be found below:

Some hints about possible pitfalls: