OMEMO support in Tails
The OMEMO encryption /oˈmiːmoʊ/ (OMEMO Multi-End Message and Object Encryption) gives you all the advantages you would expect from a modern-day encryption protocol like Future and Forward Secrecy and deniability while allowing you to keep the benefits of message synchronization and offline delivery.
OMEMO not only gives you a better encryption features than OpenPGP and OTR but is also much easier to setup. OMEMO is the encryption you can actually use in your daily life. Turn it on once and forget you ever did.
OMEMO uses the Signal Protocal ratchet to establish secure sessions between every combination of devices for you and your contact. Those sessions are then being used to communicate secure keys to all devices. OMEMO will generate a new key for every message. That key is used to encrypt your message with AES-GCM. The long-lived Signal Protocal sessions in the background deal with the challenges of message reordering, message loss and accidental duplication.
Being built upon PEP (Personal Eventing Protocol) to announce the pre-keys used by Signal Protocal to establish new sessions, OMEMO requires little to no change to the existing XMPP server infrastructure.
Tails could work upstream to help Pidgin impliment OMEMO by assisting with this ticket: https://developer.pidgin.im/ticket/16801
Alternatively, Tails could include Gajim https://packages.debian.org/jessie/net/gajim and Kalkin’s Gajim OMEMO plugin.
OTR is the current default chat encryption option on Tails. OTR is 10 years old and was never designed for modern day instant messaging.
Update from FT/UX meeting, 2020-12-03: we could have a transition period during which we ship both Pidgin and a new client, so that communities have time to switch from OTR to OMEMO. Then the new client does not need to support OTR.
- Related to #7868 (closed)
- Related to #8573
- Related to #14568 (closed)
- Related to #14567
- Related to #17508