GNUnet Messenger API: May 2025

Hi again,

to decrease complexity in the account system and key management I decided against separating identity keys from chat accounts and epoch keys for forward secrecy will instead be stored locally using GNS. The keys will be encrypted additionally using a key derived from the private identity key. So only the ownert of this key with storage access will be able to access those epoch and group keys to further access encrypted messages of certain epochs in the message graph.

With those changes I could get rid of bigger API changes in the Messenger service. Key management is completely automatized now, once you provide a private key to the client API. So that makes further implementation a lot easier and it shouldn’t hurt confidentiality.

As next step I want to improve the key exchange in regard to implement perfect forward secrecy. So that in case your long-term identity key gets into hands of an attacker, it’s still impossible to retrieve old epoch keys and access messages exchanged before an attack retrieving the private key.

I’ve also adjusted parts in libgnunetchat to make sure everything is working in the different applications that build on top of it. It will finally store information in the preshared key of Messenger rooms whether this room is public or private, utilizing the new key exchanged to gain forward secrecy. On application level these changes won’t be noticable. But it will fully separate public and private chats long-term.

It will also be possible to mark a chat room via flag as group to check for validity. This should help with consistency and transparency on application level what kinds of chats you have joined or you have received an invitation to. That will allow to mark a direct 1-to-1 private chat as compromised once a third party joins and it will also allow to visualize whether someone invites you to a direct 1-to-1 chat or a group chat. Additionally I’m thinking about adding some meta information to invitations anyway like the title for a group chat. So users can make a very well thought decision before accepting any invitation.

All of this will improve privacy and transparency. However it’s still to consider that every information added to describe a context will allow options for attackers to gain trust via phishing. Which is why I always liked the idea to only separate kinds of chats by technical properties like the amount of members. So I will try to account for such attacks during implementation trying to not misrepresent optional hints for communication contexts as truths but rather opinions.

Kind regards,
Jacki

Read original article

Popular posts from this blog

GNUnet Messenger API: March

GNUnet Messenger API: July 2025

GNUnet Messenger API: March 2025