Posts

GNUnet Messenger API: November 2025

Hey again, this month a few changes in GNUnet rolled out that would rename keys from its identity service to make clear they are blindable asymmetric keys. So I updated libgnunetchat to keep building against it. Additionally it was suggested that services like the messenger service in GNUnet should stop using those keys for HPKE (hybrid public key encryption) directly by deriving a keypair from the identity key. Instead it should use a separate key pair only for HPKE but signed by this blindable identity key. The advantage is pretty obvious. The least a keypair is reused for encryption purposes, the lower is the chance to reverse engineer the private key using samples of such encryption. The disadvantage is that such separate keys need to be stored additionally, exchanged between multiple devices by the receiver to decrypt private messages. So in simple terms: It makes everything a bit less efficient and more complex. But since I’d already implemented storing symmetric keys for ...
Read more

GNUnet Messenger API: October 2025

Image
Hi there, this month I started to port the messenger application from GTK3 and libhandy to GTK4 and libadwaita . So far the progress looks pretty good. I still need to adjust some widgets to avoid usage of some deprecated ones. There is some logic missing to upload files because file dialogs and widgets from GTK3 using those haven’t been ported exactly. So things need to change. Screenshot of the main window ported to GTK4 If you are interested in testing the changes so far, I have pushed all commits to a separate branch so far. While porting I have also noticed some bugs in the application and libgnunetchat API which might cause crashes or freezes. I will try to solve them before any release but I’m very confident that the next release will contain all the changes towards GTK4. Hopefully this will help long-term with reducing CPU load in case of image file previews and video streams. Also I’d like to add in-place video previews for shared files instead of relying on the vide...
Read more

GNUnet Messenger API: September 2025

Hey, a few days ago GNUnet 0.25.0 got released with the latest changes to the CORE layer and containing the new PILS service reducing the risk of being tracked while using GNUnet over a wider area. The MESSENGER service might still have some issues working properly with these changes but I will let you know here when I implemented necessary changes to utilize the new PILS service. This will be necessary because the MESSENGER service actually requires to track peers collaborating in message exchange to some degree. It won’t be necessary to link peer identities to individual chat room members. At the same time switching networks on abstract level like walking around with your mobile device or switching from physical connection to WiFi shouldn’t cause issues, message loss or heavy disconnections. So it will be fun to tackle this! However I’m very optimistic GNUnet is going in the right direction with all this work on its fundamental layers. There are still issues underlying in the TR...
Read more

GNUnet Messenger API: July 2025

Image
Hi there, unfortunately I didn’t make it to write a blog post last month. I was quite busy closing open ends of other projects while there were quite some bugs and issues to be solved in the Messenger service of GNUnet . On the bright side this means I have a lot to talk about this month. Most critical issues could be solved already, test cases of libgnunetchat pass again with all latest changes and the end-to-end encrypted chats seem to work as intended. I am still encountering some issues that messages do not get received immediately from chats or the chats can behave somewhat inconsistent. However it’s likely some condition caused by parallel events or a very specific order of events that’s difficult to reproduce. But these issues only seem to appear on reopening old chats from a previous session. The current sessions simply seem to work properly. Invitations do now respond to input feedback all the time and chat types get visualized depending on actual bits in a chat room’s key....
Read more

GNUnet Messenger API: May 2025

Hi again, to decrease complexity in the account system and key management I decided against separating identity keys from chat accounts and epoch keys for forward secrecy will instead be stored locally using GNS . The keys will be encrypted additionally using a key derived from the private identity key. So only the ownert of this key with storage access will be able to access those epoch and group keys to further access encrypted messages of certain epochs in the message graph. With those changes I could get rid of bigger API changes in the Messenger service . Key management is completely automatized now, once you provide a private key to the client API. So that makes further implementation a lot easier and it shouldn’t hurt confidentiality. As next step I want to improve the key exchange in regard to implement perfect forward secrecy. So that in case your long-term identity key gets into hands of an attacker, it’s still impossible to retrieve old epoch keys and access messages exch...
Read more

GNUnet Messenger API: March 2025

Hello again, since last month I tried to optimize the mechanism of forward secrecy further and indeed I was able to reduce the amount of messages required for a whole key exchange in a new epoch. So rather than scaling N scare if N is the amount of epoch members, it seems to scale linear now. That is quite an improvement but there’s still room for more adjustments. For example I realized recently that the current implementation is not providing perfect forward secrecy yet. That means if your long-term private key (the identity key to sign messages) gets compromised, an attacker might still be able to access messages from older epochs by request its keys from others. So to mitigate this, it will require changes that restrict requests of older epoch keys much more. Additionally deriving epoch keys via KDF could be adjusted to make it much more difficult to brute-force any epoch key from messages with HMAC using keys from the KDF. Once that’s done, there’s still work to do for allow...
Read more

GNUnet Messenger API: February 2025

Image
Hi again, My progress on the forward secrecy in the Messenger service of GNUnet is coming to a state where I have proper testing and results. You can find the current state of tests and benchmarks in a development branch of libgnunetchat which utilize a new ping tool for the Messenger service. The tool sends a TEXT message into a selected chat room and waits for other clients using the same tool but acting as receiver to send a TAG message back choosing the TEXT message as target. As a result the sender will measure and print out the delay between sending and receiving the response. Like that it’s possible to measure latency added via the implemented forward secrecy as well as its key exchange mechanism. The results so far are a mixed bag to be honest. Good news is that latency and general cost by symmetric encryption is negligible once the key for an epoch is exchanged. However bad news is that the amount of messages required for a proper key exchange as well as group formation...
Read more