/usr/share/pyshared/keysync-0.2.egg-info/PKG-INFO is in keysync 0.2-2.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 | Metadata-Version: 1.1
Name: keysync
Version: 0.2
Summary: syncs OTR keys between different IM programs
Home-page: https://guardianproject.info/apps/keysync
Author: The Guardian Project
Author-email: support@guardianproject.info
License: GPLv3+
Description:
KeySync - One key for all of your chat apps
===========================================
There are many chat apps that support OTR encryption for verifying messages.
Many of us use multiple chat apps, including one for desktop and another for
mobile, or one for Mac OS X and another for GNU/Linux or Windows. The trust
relationships are only stored locally in the app in a format that is specific
to that app. Switching between all of them means that you have to manage your
trust relationships for each app that you use.
KeySync addresses this problem by allowing you to sync your OTR identity and
trust relationships between multiple apps, which eliminates the need to
re-establish those relationships on each new client/device. It currently works
with ChatSecure on Android, and Pidgin, Adium, and Jitsi on desktop.
Please note: KeySync does not make it easier to have simultaneous encrypted
chats with the same account logged into multiple clients or devices. There
are limitations in the OTR protocol that make this impossible.
How to sync
-----------
To sync between ChatSecure and your desktop apps, plug in your phone or device
via USB and run the sync. Or you can manually copy the `otr_keystore.ofcaes`
file over to your device's SD Card, where ChatSecure looks for it. Using
ChatSecure, you will need to scan the QRCode that KeySync shows you in order
to complete the sync. The `otr_keystore.ofcaes` file is encrypted to prevent
your private information from leaking out. That QRCode is the password to
your keystore, so do not share it with anyone.
If you have multiple chat apps that you use, or you are switching from one to
another, you can use KeySync to sync up the trust relationships between
multiple desktop apps. Here's how:
1. quit all of the chat apps that you want to
2. select whichever apps you want to sync
3. then run the sync
Now, open your chat apps and you should have synced trust! In case of
problems, it saved your original OTR files in place. They are named using a
long string of numbers that represent the time when they were backed up.
This is beta software, do not rely on it for strong identity verification. It
is unlikely to mess up so bad as to produce compromised private keys, but
anything is possible. Also, keep in mind that program is handling your
private OTR keys, so make sure that you don't copy, send or email the
`otr_keystore.ofcaes` file somewhere unsafe. All that said, testing
and feedback is greatly appreciated, so we can get it to the point where we
can trust it.
Adding apps to KeySync
----------------------
This project has libraries for converting the various OTR file formats between
each other. We have focused on the two major versions: libotr format and otr4j,
and then a few variants of those major formats. All OTR implementations can
be supported as long as they can be read and parsed by Python.
KeySync has preliminary support for Gajim and IRSSI, and it has a modular
architecture to allow for expansion. If you want to add an app that is not
already included, you just need to make a single python file that converts
between that app's OTR data format and the KeySync internal format (documented
below).
Reporting bugs
--------------
We appreciate all feedback, be it bug reports, patches, pull requests, feature
requests, etc. Please add your bugs and requests to our issue tracker:
https://dev.guardianproject.info/projects/keysync/issues
Email us at support@guardianproject.info with questions, problems, etc., or
just to let us know that you are using KeySync and find it useful.
INSTALL
=======
KeySync uses lots of Python modules to achieve a smooth syncing
experience. To see a complete list of python modules used on your
platform, see the `dependencies` list in setup.py. Here are some of
the key libraries:
* BeautifulSoup 3 - http://www.crummy.com/software/BeautifulSoup
* psutil - https://code.google.com/p/psutil
* pure-python-otr - https://github.com/afflux/pure-python-otr
* pyasn1 - http://pyasn1.sourceforge.net/
* pycrypto - https://www.dlitz.net/software/pycrypto
* pyjavaproperties - http://pypi.python.org/pypi/pyjavaproperties
* pymtp - https://github.com/eighthave/pymtp
* pyparsing - http://pyparsing.wikispaces.com
* python-pgpdump - https://pypi.python.org/pypi/pgpdump
* Python Imaging Library - http://www.pythonware.com/products/pil
* qrcode - https://github.com/lincolnloop/python-qrcode
* Tkinter - https://wiki.python.org/moin/TkInter
Debian/Ubuntu/Mint/etc
----------------------
We're working to get all packages into official Debian/Ubuntu/etc. releases,
in the meantime you can install KeySync by adding our PPA (fingerprint
F50EADDD2234F563):
sudo add-apt-repository ppa:guardianproject/ppa
sudo apt-get update
sudo apt-get install keysync
PPA URL: https://launchpad.net/~guardianproject/+archive/ppa
If you want to install the dependencies because you're going to develop
KeySync, then install them manually with:
sudo apt-get install python-pyparsing python-pyasn1 python-potr python-pymtp \
python-pyjavaproperties python-beautifulsoup python-qrcode libmtp-dev \
python-pgpdump python-crypto python-psutil python-tk python-imaging-tk
For Debian, you can try using the Ubuntu PPA, with something like oneiric for
wheezy, and natty for squeeze:
deb http://ppa.launchpad.net/guardianproject/ppa/ubuntu oneiric main
Mac OS X
--------
For Mac OS X, you can download the binary app from our website:
https://guardianproject.info
You use Brew, Fink, or MacPorts to install pip and virtualenv, then
use those tools to install KeySync (see the *pip+virtualenv install*
section):
fink install pip-systempython26 virtualenv-systempython26
sudo port install py27-pip py27-virtualenv
For homebrew, see: https://gist.github.com/pithyless/1208841
Once you have pip and virtualenv, then you can start to build the
whole thing. First follow the pip+virtualenv instructions below.
Then come back here and do the following in your virtualenv:
rm -rf build dist
pip install py2app
python setup.py py2app
ls dist/
If you are using py2app older than 0.7.4 on Mac OS X 10.6, then you
need to patch py2app to make it work with python2.6:
pip install --upgrade py2app
patch env/lib/python2.6/site-packages/py2app/build_app.py py2app-python2.6.patch
Windows
-------
For Windows, you can download the binary app from our website:
https://guardianproject.info
Build instructions for Windows are in win32/README.md in the source folder.
Fedora/Redhat/RPMs
------------------
Install these build dependencies locally, then follow the instructions for
pip+virtualenv below:
sudo yum install gmp-devel tk
pip+virtualenv install
------------------
Activate your virtual python environment then run pip to install the dependencies:
virtualenv ./env
. env/bin/activate
pip install -e .
./keysync
For a nice step-by-step HOWTO, see:
http://exyr.org/2011/virtualenv-HOWTO/slides.html
*Note*: Doesn't work on Windows! See win32/README.md
=====
USAGE
=====
Currently, the code allows for reading multiple file formats into a python
dictionary form. The only export method currently activated is for ChatSecure
format in a file called otr_keystore.ofcaes. To use, point the `keysync`
script the app that you want to read OTR info from, and it will generate
`otr_keystore` to send to ChatSecure on your Android device (run
`keysync --help` to see all currently available options).
keysync --input pidgin
=======
FORMATS
=======
libotr
------
Adium:
~/Library/Application Support/Adium 2.0/Users/Default/otr.private_key
~/Library/Application Support/Adium 2.0/Users/Default/otr.fingerprints
~/Library/Application Support/Adium 2.0/Users/Default/Accounts.plist
Uses the standard libotr files and overall file format for
otr.private_key and otr.fingerprints. Account ID is stored as an
integer which must be referenced from the Accounts.plist to get the
actuall XMPP account name (e.g. me@jabber.org). Uses full word
descriptive tags for the various protocols, e.g. libpurple-oscar-AIM,
libpurple-Jabber, etc.
Pidgin
GNU/Linux
~/.purple/otr.private_key
~/.purple/otr.fingerprints
Windows
%APPDATA%\.purple\otr.private_key
%APPDATA%\.purple\otr.fingerprints
Uses the standard libotr files and overall file format for
otr.private_key and otr.fingerprints. Account IDs are used directly
in the libotr files. XMPP/Jabber Account IDs include the "Resource"
e.g. me@jabber.org/Resource or me@jabber.org/Pidgin.
irssi
~/.irssi/otr/otr.key
~/.irssi/otr/otr.fp
Uses the standard libotr file format and files, but names the files
differently, basically abbreviated versions of the libotr names.
Account IDs are used directly in the libotr files.
xchat
~/.xchat2/otr/otr.key
~/.xchat2/otr/otr.fp
Same as irssi
otr4j
-----
ChatSecure:
/data/data/info.guardianproject.otr.app.im/files/otr_keystore
All OTR information is stored in a single Java .properties
file. Private keys, public key fingerprints, and verification status
are each individual properties. This format also includes the
storage of the remote public keys, unlike libotr. otr4j
implementations load the remote public key from the store rather
than always getting it from the OTR session.
Jitsi:
GNU/Linux
~/.jitsi/sip-communicator.properties
~/.jitsi/contactlist.xml
Mac OS X
~/Library/Application Support/Jitsi/sip-communicator.properties
~/Library/Application Support/Jitsi/contactlist.xml
Windows
~/Application Data/Jitsi/sip-communicator.properties
~/Application Data/Jitsi/contactlist.xml
All app settings are stored in a single Java .properties file,
including OTR information. Private keys, public key fingerprints,
and verification status are each individual properties.
pure-python-otr
---------------
pure-python-otr is pure python implementation of the OTR spec. It
includes newer features like Socialist Millionaire's Protocol. The
private key is stored in a separate file per-account. The
fingerprints are stored in the same tab-separated-value format as
libotr but with a fingerprint file per-account.
Gajim:
GNU/Linux:
~/.local/share/gajim/_SERVERNAME_.key3
~/.local/share/gajim/_SERVERNAME_.fpr
~/.config/gajim/config
Windows:
~/Application Data/Gajim/
keyczar
-------
KeyCzar stores keys in JSON files with two different formats: 0.5b and
0.6b. It uses a special base64 encoding with a URL-safe alphabet:
- replaces +
_ replaces /
http://code.google.com/p/keyczar/wiki/DsaPrivateKey
http://code.google.com/p/keyczar/wiki/DsaPublicKey
0.6b
public:
"q": The DSA subprime
"p": The DSA prime
"g": The DSA base
"y": The DSA public key exponent
"size" : The size of the modulus in bits
private:
"publicKey": The JSON representation of the corresponding DsaPublicKey
"x": The secret exponent of this private key
"size" : The size of the modulus in bits
0.5b
public:
"x509": A WebSafeBase64 encoded X509 representation
private:
"pkcs8": A WebSafeBase64 encoded PKCS#8 representation of the private key
"publicKey": A WebSafeBase64 encoding of the key's corresponding DsaPublicKey
ZRTP
----
A ZID record stores (caches) ZID (ZRTP ID) specific data that helps
ZRTP to achives its key continuity feature. Please refer to the ZRTP
specification to get detailed information about the ZID.
ZRTP key types:
2048 bit Diffie-Helman values
3072 bit Diffie-Helman values
256 bit Diffie-Helman elliptic curve
384 bit Diffie-Helman elliptic curve
IMPLEMENTATION
==============
Here are some notes on how things are implemented in KeySync.
Internal key storage
--------------------
The key idea in the implementation is to get everything into a common format
internally. That common format can then be handed to any class for a given
program, which knows how to output it to the correct file format. The current
internal data format is a dict of dicts representing a key, called 'keydict'.
So first, you have a dict representing a given account with a given key
associated with it. This account name is used as the unique ID. Then the
whole collection of keys, both local private keys and remote public keys, are
collected in meta dict with the account name as the key and the whole dict as
the value. This format allows for easy merging, which enables syncing between
files.
Sample structure in python dict notation:
keydict = {
'userid': {
'fingerprint': 'ff66e8c909c4deb51cbd4a02b9e6af4d6af215f8',
'name': 'userid',
'protocol': 'IRC',
'resource': 'laptop', # the XMPP "resource"
'verification': 'verified', # or 'smp' for Socialist Millionares
'p': '<p value>', # public part of the DSA key
'q': '<q value>', # public part of the DSA key
'g': '<g value>', # public part of the DSA key
'x': '<x value>', # core of private DSA key
'y': '<y value>', # core of public DSA key
},
'userid2' : { ... },
...
'useridn' : { ... }
}
Protocol IDs
------------
Unfortunately each app has its own string IDs to represent the different IM
protocols. KeySync uses the Pidgin IDs internally. KeySync is currently
focused on the widely deployed common standards of XMPP and IRC. We welcome
contributions for working with the other protocols. These are the IDs that are
currently working throughout:
prpl-bonjour XMPP Bonjour (serverless XMPP with mDNS discovery)
prpl-irc IRC (Internet Relay Chat)
prpl-jabber XMPP (Jabber)
Here is the full list of IDs from Pidgin:
https://developer.pidgin.im/wiki/prpl_id
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: End Users/Desktop
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: GNU General Public License v3 or later (GPLv3+)
Classifier: Operating System :: POSIX
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: Microsoft :: Windows
Classifier: Topic :: Communications :: Chat
Classifier: Topic :: Software Development :: Libraries
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: Utilities
|