top | item 28002996

(no title)

They are implemented, but I would say there are still bugs in it and it isn't yet 100% trustworthy. Moving E2EE out of beta is one of the goals for the next release though. There are still some minor kinks, but I have been using Nheko as my primary client for E2EE chats for 2 years now. I wouldn't trust it if you know someone is actively trying to get at your data, but for normal day to day chats the current master branch should be good enough.

Things that are currently still missing: - online key backup: The asymmetric version allows server operators to insert keys and the symmetric one isn't yet supported by any client. I don't use key backup on my account, since I have enough devices that I don't need it and it makes bugs in E2EE harder to find. - cross-signing bootstrap: You need Element to enable cross-signing on your account once atm. - A toggle to only send keys to verified devices in a room and warnings if unverified devices are in a room: currently working on this - Fixing one stupid edge case, where we create new identity keys by mistake, if Nheko fails to open the database and this breaks E2EE for that login. Hard to hit by accident, but it happens quite a lot if you change database code and mess something up. :D

I think apart from that we are in somewhat good shape. I still have a few small things on my to do list and we obviously need to go through the code a few more times to look for mistakes and test it a lot more, but for 0.9.0 that should be doable. After 0.9.0 we'll probably look into fallback keys as well as dehydrated devices.

discuss

No comments yet.