Skip to content

[WIP] feat: Securejoin v3, encrypt all securejoin messages #7754

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Hocuri wants to merge 17 commits into
base: main
Choose a base branch
from
Open

[WIP] feat: Securejoin v3, encrypt all securejoin messages #7754

Hocuri wants to merge 17 commits into from
+760 −386

Conversation

@Hocuri
Copy link
Collaborator

@Hocuri Hocuri commented Jan 20, 2026
edited
Loading

Close #7396

TODO:

  • Implement the new protocol
  • Make Rust tests pass
  • Make Python tests pass
  • Test it manually on a phone
  • Print the sent messages, and check that they look how they should: test_secure_join_group_with_mime_printed.txt
  • Fix bug: If Alice has a second device, then Bob's chat won't be shown yet on that second device. Also, Bob's contact isn't shown in her contact list. As soon as either party writes something into the chat, the that shows up and everything is fine. All of this is still a way better UX than in WhatsApp, where Bob always has to write first 😂 Still, I should fix that.
    • This is actually caused by a larger bug: AUTH tokens aren't synced if there is no corresponding INVITE token.
  • Either make a new auth_tokens table with a proper UNIQUE bound, or put a UNIQUE bound on the tokens table
  • Benchmarking
  • TODOs in the code, maybe change naming of the new functions
  • Write test for interop with older DC (esp. that the original securejoin runs if you remove the &v=3 param)
  • Documentation
  • From a cryptography perspective, is it fine that vc-request is encrypted with AUTH, rather than a separate secret (like INVITE)?
  • Make sure that QR codes without INVITE work, so that we can remove it eventually
  • Update tests and other code to use the new names (e.g. request-pubkey rather than request and pubkey rather than auth-required - Could be done in a follow-up

Backwards compatibility:
Everything works seamlessly in my tests. If both devices are updated, then the new protocol is used; otherwise, the old protocol is used. If there is a not-yet-updated second device, it will correctly observe the protocol, and mark the chat partner as verified.

@Hocuri Hocuri changed the title [WIP] Securejoin v3: Encrypt all securejoin messages [WIP] feat: Securejoin v3, encrypt all securejoin messages Jan 20, 2026
@Hocuri Hocuri force-pushed the hoc/securejoin-v3 branch 2 times, most recently from 59957ed to ef97a7e Compare January 21, 2026 15:44
Hocuri
Hocuri commented Jan 22, 2026
View reviewed changes
@Hocuri Hocuri force-pushed the hoc/securejoin-v3 branch from 807b8c4 to afb7e2a Compare January 22, 2026 17:06
Hocuri
Hocuri commented Jan 26, 2026
View reviewed changes
src/mimeparser.rs
Ok(secret)
})
.await?;
secrets.extend(token::lookup_all(context, token::Namespace::Auth).await?);
Copy link
Collaborator Author

@Hocuri Hocuri Jan 26, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO use a new table rather than reusing AUTH token. Sort it by id DESC, in order to try the most recently generated token first.

Copy link
Collaborator Author

@Hocuri Hocuri Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, not sure if that's worth it.

We need to be able to look up existing AUTH tokens in case someone scans a QR code that was generated before the upgrade. So, token::exists would need to check both tables.

At this point, the question is, why make a new table at all.

Hocuri added 17 commits January 26, 2026 19:18
@Hocuri
Send v=3 in QR codes
cf72da4
@Hocuri
[wip, not compiling] Add render_symm_encrypted_securejoin_message()
fdb8cbf
@Hocuri
[wip, not compiling] extract function group_headers_by_confidentiality()
d11dda8
@Hocuri
[wip, doesn't compile] refactor: exctract add_headers_to_encrypted_pa…
9b32d06 
…rt() and set_content_type_to_encrypted() functions
@Hocuri
[wip, doesn't compile] fix: Set subject for securejoin message
411dfe0
@Hocuri
[wip, doesn't compile] Extract render_outer_message() functions
1832a32
@Hocuri
It compiles
dc6e710
@Hocuri
feat: Decrypt and answer on Alice's side (sending the message seems n…
ef6d8ca 
…ot to work yet)
@Hocuri
Fix some bugs when sending vc-pubkey, decrypt vc-pubkey on Bob's side
3744263
@Hocuri
Handle vc-pubkey on Bob's side
72ccfff
@Hocuri
Adapt some tests
7718189
@Hocuri
fix: Don't leak cryptographic identity by signing vc-request-pubkey
69c12cd
@Hocuri
fix: Don't limit number of auth tokens to 1
a8cd3dd
@Hocuri
modify test
ff0098b
@Hocuri
Update golden tests
7eab769
@Hocuri
Make the remaining Rust tests pass
7388481
@Hocuri
Update src/mimeparser.rs
81f79a9
@Hocuri Hocuri force-pushed the hoc/securejoin-v3 branch from afb7e2a to 81f79a9 Compare January 26, 2026 18:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Securejoin v3: 4-step protocol with symmetric encryption

2 participants

@Hocuri